尝试验证.apk(andriod应用程序)是否签名时,我看到以下错误。
我不确定此错误的确切含义吗?
这引起任何安全方面的担忧吗?
root@kali:~/Downloads# apksigner verify --verbose magni_v1.2.8_apkpure.com.apk
Verifies
Verified using v1 scheme (JAR signing): true
Verified using v2 scheme (APK Signature Scheme v2): true
Number of signers: 1
WARNING: META-INF/android.arch.core_runtime.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/android.arch.lifecycle_livedata-core.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/android.arch.lifecycle_runtime.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/android.arch.lifecycle_viewmodel.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/com.android.support_support-compat.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/com.android.support_support-core-ui.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/com.android.support_support-core-utils.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/com.android.support_support-fragment.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/com.android.support_support-media-compat.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/com.android.support_support-v4.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/rxjava.properties not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
谢谢
答案 0 :(得分:8)
APK的签名保证了,如果文件在签名后在APK中被更改,则无法将其安装在Android设备上(签名将无效)。
APK的签名存储在APK的META-INF目录中,这意味着如果某些其他文件存储在META-INF目录中,则签名不覆盖它们。看到的警告显示您的APK中META-INF目录中的某些文件不受签名保护。
实际上,这些文件并不重要,它们主要是您所依赖的库的版本,因此即使有人对其进行了修改,也不会对您的应用程序产生任何影响。这就是为什么这只是一个警告:APK中的那些文件可以被其他人修改,同时仍然假装APK由您签名,但是这些文件并不重要。
这在APK中非常普遍,因此我不必担心。