Android: remove existing signature from APK 

Joined:
07/27/2010
Posts:
130

April 20, 2011 15:10:03    Last update: April 20, 2011 15:10:03
When you sign an APK with existing signature, the new certificate is appended to the existing one. If you want to replace the existing certificate, you need to remove it first. But since an APK is just a zip file, this is pretty easy:
  1. Remove existing signature:
    $ zip -d HelloWorld-new.apk META-INF/*
    deleting: META-INF/MANIFEST.MF
    deleting: META-INF/ANDROID-.SF
    deleting: META-INF/ANDROID-.RSA
    deleting: META-INF/CERT.SF
    deleting: META-INF/CERT.RSA
    

  2. Verify:
    $ unzip -l HelloWorld-new.apk
    Archive:  HelloWorld-new.apk
      Length      Date    Time    Name
    ---------  ---------- -----   ----
         1124  04-20-2011 14:00   res/layout/main.xml
         1288  04-20-2011 14:00   AndroidManifest.xml
         1592  04-20-2011 14:00   resources.arsc
         3966  04-20-2011 14:00   res/drawable-hdpi/icon.png
         1537  04-20-2011 14:00   res/drawable-ldpi/icon.png
         2200  04-20-2011 14:00   res/drawable-mdpi/icon.png
         3508  04-20-2011 14:00   classes.dex
    ---------                     -------
        15215                     7 files
    

  3. Sign it again:
    $ jarsigner HelloWorld-new.apk android-root
    Enter Passphrase for keystore: password
    

Share |
| Comment  | Tags