当我尝试验证.apk(andriod 应用程序(是否已签名时,我看到以下错误。
我不确定此错误到底是什么意思?
这是否会引起任何安全问题?
root@kali:~/Downloads# apksigner verify --verbose magni_v1.2.8_apkpure.com.apk
Verifies
Verified using v1 scheme (JAR signing): true
Verified using v2 scheme (APK Signature Scheme v2): true
Number of signers: 1
WARNING: META-INF/android.arch.core_runtime.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/android.arch.lifecycle_livedata-core.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/android.arch.lifecycle_runtime.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/android.arch.lifecycle_viewmodel.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/com.android.support_support-compat.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/com.android.support_support-core-ui.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/com.android.support_support-core-utils.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/com.android.support_support-fragment.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/com.android.support_support-media-compat.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/com.android.support_support-v4.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/rxjava.properties not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
谢谢
APK 的签名保证,如果文件在签名后在 APK 中发生更改,则无法将其安装在 Android 设备上(签名将失效(。
APK 的签名存储在 APK 的 META-INF 目录中,这意味着如果其他一些文件存储在 META-INF 目录中,则它们不会被签名覆盖。您看到的警告显示 APK 中的一些文件位于 META-INF 目录中,不受签名保护。
实际上,这些文件并不重要,它们大多是你所依赖的库的版本(只有版本号,而不是已经在 dex 代码中编译的那些库的实际代码(,所以即使有人修改了这些文件,也不会对你的应用程序产生任何影响。这就是为什么它只是一个警告:APK中的那些文件可以被其他人修改,同时仍然假装APK是由你签名的,但这些文件并不重要。
这在APK中很常见,所以我不会担心。