android - Apk 元信息警告
问题描述
当我尝试验证 .apk(andriod 应用程序)是否已签名时,我看到以下错误。
我不确定这个错误到底是什么意思?
这会引起任何安全问题吗?
root@kali:~/Downloads# apksigner verify --verbose magni_v1.2.8_apkpure.com.apk
Verifies
Verified using v1 scheme (JAR signing): true
Verified using v2 scheme (APK Signature Scheme v2): true
Number of signers: 1
WARNING: META-INF/android.arch.core_runtime.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/android.arch.lifecycle_livedata-core.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/android.arch.lifecycle_runtime.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/android.arch.lifecycle_viewmodel.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/com.android.support_support-compat.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/com.android.support_support-core-ui.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/com.android.support_support-core-utils.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/com.android.support_support-fragment.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/com.android.support_support-media-compat.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/com.android.support_support-v4.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/rxjava.properties not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
谢谢
解决方案
APK 的签名保证了如果一个文件在签名后在 APK 中发生了变化,那么它就不能安装在 Android 设备上(签名会失效)。
APK的签名存放在APK的META-INF目录下,也就是说如果其他一些文件存放在META-INF目录下,则不会被签名覆盖。您看到的警告显示您的 APK 中的一些文件位于 META-INF 目录中,不受签名保护。
实际上,这些文件并不重要,它们主要是您依赖的库的版本(只有版本号,而不是那些已经在 dex 代码中编译的库的实际代码),所以即使有人修改了这些,它不会对您的应用产生任何影响。这就是为什么它只是一个警告:您的 APK 中的那些文件可以被其他人修改,同时仍然假装 APK 是由您签名的,但这些文件并不重要。
这在 APK 中很常见,所以我不会担心。
推荐阅读
- java - 使用 Uri 创建文件后文件为空 - 改造
- datetime - SQL 从 3 周前获得最后更新的 DATETIME 字段
- r - R包copula:cCopula中的维度顺序重要吗?
- scala - 使用保存的 Spark mllib 决策树二元分类模型对新数据进行预测
- amazon-redshift - Redshift 中的季度日
- python - pip 和 python 在同一路径但版本不同
- ios - 显示叠加视图,但未删除
- database - 基于日期查询 Cosmos Db 的 Gremlin 语法
- python - 将 Pyspark 数据框中的字典拆分为单独的列
- python - 如何在 struct.pack 中打包字符串