
Saturday, May 5, 2018


Android Package (APK) is the package file format used by the Android operating system for distribution and installation of mobile apps and middleware.

APK files are analogous to other software packages such as APPX in Microsoft Windows or Deb packages in Debian-based operating systems like Ubuntu. To make an APK file, a program for Android is first compiled, and then all of its parts are packaged into one file. An APK file contains all of that program's code (such as .dex files), resources, assets, certificates, and manifest file. As is the case with many file formats, APK files can have any name needed, provided that the file name ends in ".apk".

APK files are a type of archive file: ZIP-format packages based on the JAR file format, with .apk as the filename extension. The MIME type associated with APK files is application/vnd.android.package-archive.

APK files can be installed on Android-powered devices much like software is installed on a PC. When a user downloads and installs an Android application from either an official source (such as Google Play) or some other (unofficial) site, they are installing an APK file on their device. A user or developer can also install an APK file directly to a device (that is, not via download from the network) from a desktop computer, using a communication program such as adb, or from within a file manager app, in a process known as sideloading. Installation of APK files downloaded outside of Google Play is disabled by default. Users can install unknown APK files by enabling "Unknown sources" from "Accounts and Security" in Settings.





Package contents

An APK file is an archive that usually contains the following files and directories:

  • META-INF directory:
    • MANIFEST.MF: the Manifest file
    • CERT.RSA: The certificate of the application.
    • CERT.SF: The list of resources and SHA-1 digest of the corresponding lines in the MANIFEST.MF file; for example:
        Signature-Version: 1.0
        Created-By: 1.0 (Android)
        SHA1-Digest-Manifest: wxqnEAI0UA5nO5QJ8CGMwjkGGWE=
        ...
        Name: res/layout/exchange_component_back_bottom.xml
        SHA1-Digest: eACjMjESj7Zkf0cBFTZ0nqWrt7w=
        Name: res/drawable-hdpi/icon.png
        SHA1-Digest: DGEqylP8W0n0iV/ZzBx3MW0WGCA=
  • lib: the directory containing the compiled code that is specific to a software layer of a processor. It is split into further directories:
    • armeabi: compiled code for all ARM based processors only
    • armeabi-v7a: compiled code for all ARMv7 and above based processors only
    • arm64-v8a: compiled code for all ARMv8 arm64 and above based processors only
    • x86: compiled code for x86 processors only
    • x86_64: compiled code for x86 64 processors only
    • mips: compiled code for MIPS processors only
  • res: the directory containing resources not compiled into resources.arsc (see below).
  • assets: a directory containing application assets, which can be retrieved by AssetManager.
  • AndroidManifest.xml: An additional Android manifest file, describing the name, version, access rights, and referenced library files for the application. This file may be in Android binary XML, which can be converted into human-readable plaintext XML with tools such as AXMLPrinter2, apktool, or Androguard.
  • classes.dex: The classes compiled in the dex file format understandable by the Dalvik virtual machine and by the Android Runtime.
  • resources.arsc: a file containing precompiled resources, such as binary XML for example.
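
The digest chain that the META-INF files form (CERT.SF covers MANIFEST.MF, MANIFEST.MF covers each packaged file) can be checked with a short script. The following is an added example, not part of the original article: the function names are hypothetical, the archive is constructed in memory with placeholder contents, and it assumes CRLF line endings, unwrapped lines and SHA-1 digests as in the CERT.SF excerpt above. It checks digests only and does not verify the CERT.RSA signature over CERT.SF.

```python
import base64, hashlib, io, zipfile

def b64sha1(data: bytes) -> str:
    return base64.b64encode(hashlib.sha1(data).digest()).decode()

def sections(raw: bytes) -> dict:
    """Map entry name ('' for the main section) -> (raw section bytes, attributes)."""
    # Assumption: CRLF line endings and no 72-byte line wrapping (true for the sample).
    out = {}
    for block in filter(None, raw.split(b"\r\n\r\n")):
        attrs = dict(line.split(": ", 1) for line in block.decode().split("\r\n"))
        out[attrs.get("Name", "")] = (block + b"\r\n\r\n", attrs)
    return out

def check_apk(apk: bytes) -> list:
    """Return a list of digest-chain problems; the CERT.RSA signature is NOT verified."""
    problems = []
    with zipfile.ZipFile(io.BytesIO(apk)) as z:
        mf_raw = z.read("META-INF/MANIFEST.MF")
        mf, sf = sections(mf_raw), sections(z.read("META-INF/CERT.SF"))
        if sf[""][1].get("SHA1-Digest-Manifest") != b64sha1(mf_raw):
            problems.append("manifest digest mismatch")
        for name, (_, attrs) in sf.items():  # CERT.SF entry -> MANIFEST.MF section
            if name and (name not in mf or attrs["SHA1-Digest"] != b64sha1(mf[name][0])):
                problems.append("section mismatch: " + name)
        for name, (_, attrs) in mf.items():  # MANIFEST.MF entry -> file contents
            if name and attrs["SHA1-Digest"] != b64sha1(z.read(name)):
                problems.append("content mismatch: " + name)
        for name in z.namelist():            # files that no digest covers
            if not name.startswith("META-INF/") and name not in mf:
                problems.append("unlisted entry: " + name)
    return problems

def build_sample(tamper: bool = False) -> bytes:
    """Constructed APK-like archive with placeholder contents (not a real app)."""
    files = {"classes.dex": b"dex-placeholder", "res/drawable-hdpi/icon.png": b"png-placeholder"}
    mf = "Manifest-Version: 1.0\r\nCreated-By: 1.0 (Android)\r\n\r\n"
    mf += "".join(f"Name: {n}\r\nSHA1-Digest: {b64sha1(d)}\r\n\r\n" for n, d in files.items())
    sf = f"Signature-Version: 1.0\r\nSHA1-Digest-Manifest: {b64sha1(mf.encode())}\r\n\r\n"
    sf += "".join(f"Name: {n}\r\nSHA1-Digest: {b64sha1(sec)}\r\n\r\n"
                  for n, (sec, _) in sections(mf.encode()).items() if n)
    if tamper:  # change a file after the digests were recorded
        files["classes.dex"] = b"modified-after-signing"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for n, d in {"META-INF/MANIFEST.MF": mf, "META-INF/CERT.SF": sf, **files}.items():
            z.writestr(n, d)
    return buf.getvalue()
```

`check_apk(build_sample())` returns an empty list, while `check_apk(build_sample(tamper=True))` reports the modified `classes.dex`.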




See also

  • Android Runtime
  • Android software development
  • Dalvik (software)
  • .ipa (file extension)



References

Source of article: Wikipedia