Apk元信息警告 [英] Apk Metainfo Warning
问题描述
当我尝试验证 .apk(andriod 应用程序)是否已签名时,我看到以下错误.
I see the below error when I tried to verify, if the .apk (andriod application)is signed or not.
我不确定这个错误究竟意味着什么?
I'm not sure what this error exactly means?
这会引起任何安全问题吗?
Is this raises any security concerns ?
root@kali:~/Downloads# apksigner verify --verbose magni_v1.2.8_apkpure.com.apk
Verifies
Verified using v1 scheme (JAR signing): true
Verified using v2 scheme (APK Signature Scheme v2): true
Number of signers: 1
WARNING: META-INF/android.arch.core_runtime.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/android.arch.lifecycle_livedata-core.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/android.arch.lifecycle_runtime.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/android.arch.lifecycle_viewmodel.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/com.android.support_support-compat.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/com.android.support_support-core-ui.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/com.android.support_support-core-utils.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/com.android.support_support-fragment.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/com.android.support_support-media-compat.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/com.android.support_support-v4.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/rxjava.properties not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
谢谢
推荐答案
APK 的签名保证了 APK 中的文件在签名后如果发生更改,则无法安装在 Android 设备上(签名会失效).
The signature of the APK guarantees that if a file is changed in the APK after it is signed, it can't be installed on an Android device (the signature would be invalidated).
APK的签名存放在APK的META-INF目录下,也就是说如果其他一些文件存放在META-INF目录下,则不会被签名覆盖.您看到的警告显示您 APK 中的一些文件位于 META-INF 目录中不受签名保护.
The signature of the APK is stored in the META-INF directory of the APK, which means that if some other files are stored in the META-INF directory, they are not covered by the signature. The warning you see shows you some files in your APK that are in the META-INF directory not protected by the signature.
在实践中,这些文件并不重要,它们大多是你依赖的库的版本(只有版本号,而不是那些已经在dex代码中编译的库的实际代码),所以即使有人修改那些,它不会对您的应用程序产生任何影响.这就是为什么它只是一个警告:你的 APK 中的那些文件可以被其他人修改,同时仍然假装 APK 是由你签名的,但这些文件并不重要.
In practice, these files are not important, they're mostly versions of libraries you depend on (only the version number, not the actual code of those libraries which is already compiled in the dex code), so even if someone modified those, it wouldn't have any impact on your app. That's why it's only a warning: those files in your APK can be modified by someone else while still pretending that the APK is signed by you, but those files don't really matter.
这在 APK 中很常见,所以我不会担心.
This is quite a common thing within APKs, so I wouldn't worry about it.
这篇关于Apk元信息警告的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
