Modifying & signing an apk


To make an application debuggable, it needs to be able to go into debug mode. The flag debuggable='true' in the AndroidManifest.xml files enables the app to go in this debug mode.

But production apps do not have this enabled.

Modification

We need the awesome Apktool for this step, here are the steps to follow (detailed steps here):
  • Download the linux wrapper script from here - Save link as 'apktool'
  • Grab the latest version from here (.jar file) - Save it as apktool.jar
  • Move both the files obtained in the previous steps to /usr/local/bin/ (root needed for this step)
  • Make both files executable - chmod +x
  • Test the tool by running - apktool
Next, our aim here is to access the AndroidManifest.xml of the target apk file and edit its contents:
  • Dump the contents using apktool - apktool d target_app.apk
  • A new folder will be created with the name of the apk, this folder will contain the AndroidManifest.xml file
  • If you encounter an error during the previous step, make sure you have the latest version of apktool
  • Edit the .xml file - nano AndroidManifest.xml
  • Under the application tag enter the following - android:debuggable = "True"
Next we need to build the apk back:
  • Run the following command on the apk folder - apktool b target_apk_folder
  • You will find the .apk file in the dist folder
This gives us a modified apk file, in this case we made the apk debuggable. But when we try to install this apk we get a certificate error.

That is because this new modified apk does not have proper signed certificate.

Signing an apk

We use the tool Apk Sign to sign our modified apk.
  • Download the tool and in the base folder execute - ./build.sh
  • After a successful build grab the sign.jar file from the dist folder
  • Run the following command on our target apk - java -jar sign.jar target_apk.apk
  • We get a signed apk file - target_apk.s.apk
This apk file can now be installed on our device.