KevinX8
commented
5 years ago Could you please specfiy what change in newer android builds breaks this function? I am unable to find any documentation about it online.
Closed iBotPeaches closed 1 year ago
KevinX8
commented
5 years ago Could you please specfiy what change in newer android builds breaks this function? I am unable to find any documentation about it online.
iBotPeaches
commented
5 years ago @KevinX8 https://source.android.com/security/apksigning#schemes
Injection of files without resigning application will not work without taking out layers of AOSP security with modified ROMs. So best choice of action is to remove the feature to prevent confusion.
KevinX8
commented
5 years ago @KevinX8 https://source.android.com/security/apksigning#schemes
Injection of files without resigning application will not work without taking out layers of AOSP security with modified ROMs. So best choice of action is to remove the feature to prevent confusion.
Hmm well could you add a warning that the features doesn't work on apps that use v3 or higher instead as the feature is still useful for apps on v2 or lower, which for some reason some app developers still use eg YouTube.
Ticklefish
commented
4 years ago I hate to be annoying but is it possible this feature could be left in apktool? I know V2 and V3 signing makes it redundant but it's still very useful for people trying to mod their system apps (framework-res.apk, SystemUI.apk, ETC). I've yet to encounter any roms where those files are signed with either the V2 or V3 methods.
It's not a major problem if the feature is removed, we can get around it, but it's really handy to have the option there.
X1nto
commented
4 years ago As Kevin said, YouTube still uses V1, which makes it handy to modify and add layers to it, can you put a warning for apps that use V3 and higher so it won't break anything and feature will still persist in app
Ticklefish
commented
4 years ago So...is this still set to be removed? It's a useful feature but I do see how it can confuse people.
iBotPeaches
commented
4 years ago I'll delay it till 2.6. Should be about 1-1.5 years.
Ticklefish
commented
4 years ago I never did reply to this..
Thank you for delaying the removal. It's very helpful.
iBotPeaches
commented
3 years ago Updated tool to reflect delay to 2.6 - https://github.com/iBotPeaches/Apktool/commit/94e224ee3f7ec456ace7ce153d28ab1435de03c8
iBotPeaches
commented
3 years ago I renamed 2.5.1 to 2.6.0 and after 2.6.0. Apktool is going in 2 branch directions
tldr - marking this 3.0.0.
tconn87
commented
2 years ago I'm new to modding, so I'm not sure I follow the thread. Can the original META-INF folder still be used if other files are modified? And the original app signature will remain intact?
KevinX8
commented
2 years ago No, the signature won't remain intact, this used to work for apps signed with v2 and below that were installed as system apps but now almost every app has switched to v3+, even YouTube which makes this feature obsolete, we found a completely different method to keep signature intact for vanced here: https://github.com/YTVanced/VancedManager/tree/compose/app/src/main/java/com/vanced/manager/core/installer/util
tconn87
commented
2 years ago Is Vanced a mod of the YouTube app? If it is, is your method preserving the signature of Vanced, or of YouTube?
KevinX8
commented
2 years ago Is Vanced a mod of the YouTube app? If it is, is your method preserving the signature of Vanced, or of YouTube?
Yes, it preserves the signature of stock YouTube so that Google play services will function with vanced but the method will work with any app
tconn87
commented
2 years ago Can you be my new best friend? I've been trying to capture network traffic from a Unity game. I've followed tutorials to edit network_security_config.xml. After rebuilding, zipaligning, and signing I've gotten to where I can see https traffic with a proxy but the Google Sign-In fails. I'll look through those files a bit more later to try to understand what they're doing (was looking during work for a bit, but had to give up). I haven't been active in Android Studio since before Kotlin came along and I couldn't find a good resource on the shell commands that were being executed. Can you explain it a bit more or is there a better forum to have this discussion?
KevinX8
commented
2 years ago Can you be my new best friend? I've been trying to capture network traffic from a Unity game. I've followed tutorials to edit
network_security_config.xml. After rebuilding, zipaligning, and signing I've gotten to where I can see https traffic with a proxy but the Google Sign-In fails. I'll look through those files a bit more later to try to understand what they're doing (was looking during work for a bit, but had to give up). I haven't been active in Android Studio since before Kotlin came along and I couldn't find a good resource on the shell commands that were being executed. Can you explain it a bit more or is there a better forum to have this discussion?
Sure we can discuss it further on https://discord.gg/vanced
mwilky
commented
2 years ago Seems like the new android 13 release (Pixel 6 Pro) enforces the new signature standards on system apps for me now. I can no longer boot a decompiled/recompiled SystemUIGoogle, even when using original signatures.
Noticed Failed to scan /system_ext/priv-app/SystemUIGoogle: No APK Signature Scheme v2 signature in package /system_ext/priv-app/SystemUIGoogle/SystemUIGoogle.apk in the logcat
iBotPeaches
commented
1 year ago No longer deprecating this. Still has uses.
Per deprecation note, this feature will be removed in Apktool ~v2.5.0~ v2.6.0 due to stricter Android builds making it useless.