Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

What are the purposes of files in META-INF folder of an APK file?

Tags:

android

apk

digital-signature

What are the purposes of MANIFEST.MF, CERT.SF and CERT.RSA file in the META-INF folder in an android APK.

like image 286
Live Seven Avatar asked Sep 03 '16 04:09

Live Seven

People also ask

What is the purpose of META-INF?

The META-INF directory The manifest file that is used to define extension and package related data. This file is generated by the new "-i" option of the jar tool, which contains location information for packages defined in an application or extension.

What is META-INF in APK?

What is the META-INF folder Android? Jar files are used by all types of java applications, they have a specific structure – the META-INF folder contains the manifest information and other metadata about the java package carried by the jar file.

What is META-INF folder in Web application?

The META-INF folder is the home for the MANIFEST. MF file. This file contains meta data about the contents of the JAR. For example, there is an entry called Main-Class that specifies the name of the Java class with the static main() for executable JAR files.

Where is META-INF folder?

Basically it has to be in your classpath(under /META-INF/ ). You can manually enable it in eclipse by configuring properties. If your project is maven based, then it should be automatically picked from /src/main/resources/META-INF/ folder (provided entities are under the same hood).

1 Answers

An android APK file is actually a jar file (java archive), it is just a plain zip file with or without compression. Jar files are used by all types of java applications, they have a specific structure - the META-INF folder contains the manifest information and other metadata about the java package carried by the jar file.

The purposes of these files are as follows:

  1. MANIFEST.MF: It contains various information used by the java run-time environment when loading the jar file, such as which is the main class to be run from the jar file, version of package, build number, creator of the package, security policies/permissions of java applets and java webstart packages, the list of file names in the jar along with their SHA1 digests, etc.
  2. CERT.SF: This contains the list of all files along with their SHA-1 digest.
  3. CERT.RSA: This contains the signed contents of the CERT.SF file along with the certificate chain of the public key used for signing the contents.

As an example, Refer to a sample apk file here. If you download and expand this file using a file decompression program like 7zip to your desktop, you can see a sample of these files.

In the extracted directory, go to sub-directory META-INF and view the contents of the files manifest.mf and *.sf files. Here are the first few lines of these files:

File MANIFEST.SF:

Manifest-Version: 1.0
Created-By: 1.7.0_60 (Oracle Corporation)

Name: res/drawable-xxhdpi-v4/common_plus_signin_btn_text_dark_pressed.9.png
SHA1-Digest: Db3E0/I85K9Aik2yJ4X1dDP3Wq0=

Name: res/drawable-xhdpi-v4/opt_more_item_close_press.9.png
SHA1-Digest: Xxm9cr4gDbEEnnYvxRWfzcIXBEM=

Name: res/anim/accessibility_guide_translate_out.xml
SHA1-Digest: dp8PyrXMy2IBxgTz19x7DATpqz8=

The file MCTN.SF contains the digests of the file listings in MANIFEST.MF along with an empty line:

Signature-Version: 1.0
SHA1-Digest-Manifest-Main-Attributes: Sen4TNWb3NQLczkzN1idKh81Rjc=
Created-By: 1.7.0_60 (Oracle Corporation)
SHA1-Digest-Manifest: NAWTDC05HK+hfNtQ91J4AoL9F7s=

Name: res/drawable-xxhdpi-v4/common_plus_signin_btn_text_dark_pressed.9.png
SHA1-Digest: pvIZkdVTEuilCdx8UkrlY6ufPlw=

Name: res/anim/accessibility_guide_translate_out.xml
SHA1-Digest: XeX9Q2w41PRm3KiZ5p07x3CY6hc=

The file MCTN.RSA contains the signature in base64 encoding generated over file MCTN.SF.

See this reference for details on how to verify the signatures of APK packages - http://theether.net/kb/100207

like image 98
Sandeep S. Sandhu Avatar answered Nov 11 '22 21:11

Sandeep S. Sandhu
Sign in to Comment

Related questions

is calling libgdx SpriteBatch begin and end method multiple times expensive?
How to check if position if valid in StreetView in Android
Why does my app Size and Current Version "Varies with device" though I only uploaded one APK?
Gson deserializing nested objects with InstanceCreator
How to pass Camera preview to the Surface created by MediaCodec.createInputSurface()?
Android app icon name picked from activity label than from application label
persian/arabic search in sqlite android gives bad result
passing the GoogleApiClient obj from one activity to another
How to upload multiple files on Android using the multiple property?
Redirect to Android App from a Website?
Using window.print() or alternative on Android devices
RecyclerView, StaggeredGridLayoutManager Refresh Bug
navigator.geolocation.getCurrentPosition always getting timeout in Android until GPS/Location is OFF
How can I know that onCreateView has been called from an outer class?
Android Studio Vector Asset Import Error - Tags Not Supported
Android: Ripple Background Programmatically
How to move the Android Spinner drop down arrow closer to it's emitting text
Create pre build event to copy files to assets folder in Android application
How to set dialog window background to transparent, without affecting its margin
Google Play Services 9.2.0 missing classes [duplicate]

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!