Android: remove existing signature from APK
April 20, 2011 15:10:03 Last update: April 20, 2011 15:10:03
When you sign an APK with existing signature, the new certificate is appended to the existing one. If you want to replace the existing certificate, you need to remove it first. But since an APK is just a zip file, this is pretty easy:
- Remove existing signature:
$ zip -d HelloWorld-new.apk META-INF/* deleting: META-INF/MANIFEST.MF deleting: META-INF/ANDROID-.SF deleting: META-INF/ANDROID-.RSA deleting: META-INF/CERT.SF deleting: META-INF/CERT.RSA
- Verify:
$ unzip -l HelloWorld-new.apk Archive: HelloWorld-new.apk Length Date Time Name --------- ---------- ----- ---- 1124 04-20-2011 14:00 res/layout/main.xml 1288 04-20-2011 14:00 AndroidManifest.xml 1592 04-20-2011 14:00 resources.arsc 3966 04-20-2011 14:00 res/drawable-hdpi/icon.png 1537 04-20-2011 14:00 res/drawable-ldpi/icon.png 2200 04-20-2011 14:00 res/drawable-mdpi/icon.png 3508 04-20-2011 14:00 classes.dex --------- ------- 15215 7 files - Sign it again:
$ jarsigner HelloWorld-new.apk android-root Enter Passphrase for keystore: password
