Problem description
I see the below error when I tried to verify if the .apk (Android application) is signed or not.
I'm not sure what this error exactly means.
Does this raise any security concerns?
root@kali:~/Downloads# apksigner verify --verbose magni_v1.2.8_apkpure.com.apk
Verifies
Verified using v1 scheme (JAR signing): true
Verified using v2 scheme (APK Signature Scheme v2): true
Number of signers: 1
WARNING: META-INF/android.arch.core_runtime.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/android.arch.lifecycle_livedata-core.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/android.arch.lifecycle_runtime.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/android.arch.lifecycle_viewmodel.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/com.android.support_support-compat.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/com.android.support_support-core-ui.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/com.android.support_support-core-utils.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/com.android.support_support-fragment.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/com.android.support_support-media-compat.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/com.android.support_support-v4.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/rxjava.properties not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
Thanks
Recommended answer
The signature of the APK guarantees that if a file is changed in the APK after it is signed, it can't be installed on an Android device (the signature would be invalidated).
The signature of the APK is stored in the META-INF directory of the APK, which means that if some other files are stored in the META-INF directory, they are not covered by the signature. The warning you see shows you some files in your APK that are in the META-INF directory not protected by the signature.
In practice, these files are not important, they're mostly versions of libraries you depend on (only the version number, not the actual code of those libraries which is already compiled in the dex code), so even if someone modified those, it wouldn't have any impact on your app. That's why it's only a warning: those files in your APK can be modified by someone else while still pretending that the APK is signed by you, but those files don't really matter.
This is quite a common thing within APKs, so I wouldn't worry about it.
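
An added example, not part of the original answer and not apksigner's own logic: a simplified check that lists the META-INF/ files with no digest section in MANIFEST.MF, which are the ones the v1 (JAR) signature does not cover. The function names and the sample archive are constructed for illustration, and the code does not verify the signature itself.

```python
import io
import zipfile

# Files that carry the v1 signature itself rather than app content.
SIG_SUFFIXES = (".SF", ".RSA", ".DSA", ".EC")

def manifest_names(manifest_text):
    """Return the entry names that have a digest section in MANIFEST.MF."""
    # Long manifest lines are wrapped; a continuation line starts with one space.
    unfolded = manifest_text.replace("\r\n", "\n").replace("\n ", "")
    return {line[len("Name: "):] for line in unfolded.split("\n")
            if line.startswith("Name: ")}

def unprotected_meta_inf(apk_bytes):
    """List META-INF/ files with no digest section in MANIFEST.MF."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        listed = manifest_names(apk.read("META-INF/MANIFEST.MF").decode("utf-8"))
        found = []
        for name in apk.namelist():
            if not name.startswith("META-INF/") or name.endswith("/"):
                continue
            base = name[len("META-INF/"):].upper()
            if base == "MANIFEST.MF" or base.endswith(SIG_SUFFIXES):
                continue
            if name not in listed:
                found.append(name)
        return sorted(found)

def build_sample_apk():
    """Constructed sample archive: dummy contents, digests and signature files."""
    manifest = (
        "Manifest-Version: 1.0\r\n\r\n"
        "Name: classes.dex\r\nSHA-256-Digest: AAAA\r\n\r\n"
        # Name wrapped onto a continuation line (wrapped early to keep it short).
        "Name: META-INF/listed-in-mani\r\n fest.properties\r\n"
        "SHA-256-Digest: BBBB\r\n\r\n"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("META-INF/MANIFEST.MF", manifest)
        z.writestr("META-INF/CERT.SF", "dummy")
        z.writestr("META-INF/CERT.RSA", "dummy")
        z.writestr("classes.dex", "dummy")
        z.writestr("META-INF/listed-in-manifest.properties", "k=v")
        z.writestr("META-INF/rxjava.properties", "k=v")
        z.writestr("META-INF/android.arch.core_runtime.version", "1.1.1")
    return buf.getvalue()

if __name__ == "__main__":
    for entry in unprotected_meta_inf(build_sample_apk()):
        print("not covered by v1 signature:", entry)
```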