Closed ViRb3 closed 6 years ago
sig spoof only alters the signature android attests of an app to other apps. android itself does not believe the fake signature, so app signing security continues to be enforced.
PM is rejecting the install:
03-15 13:52:05.177: W/PackageManager(1410): Package com.android.vending signatures do not match the previously installed version; ignoring!
you seem to have a legitimate play store installed and android is enforcing the same sig update rule. delete the vending app (possibly from system) then retry. you might want to use a tool for that, or at least delete its data and reboot.
Got it, thank you!
First of all I want to say incredible job on haystack and DexPatcher!!
I just applied the patches on my OnePlus 5T running OxygenOS (stock), Android 8.0. I ran your signature spoof test app and it confirmed that everything is working. I then proceeded to installing my target app (a PlayStore stub), which I modified to include the fake signature in the values resource, as well as the permission in AndroidManifest.xml. When installing the final APK, however, I get the following in logcat:
Obviously the fake signature I added is the same as the APK currently installed on the device.
Am I doing anything wrong? Thanks!