Android Software Reverse Engineering & Decompilation

Deep Dive: Exploiting Android APK Signature Scheme v2 & v3 Verification Vulnerabilities

By Antigravity Research Published May 29, 2026 ⏱️ 7 Min Read
Google AdSense Native Placement - Horizontal Top-Post banner

Introduction: The Shield of APK Signatures

Android applications are distributed as APK (Android Package) files, which are essentially ZIP archives containing an app’s code, resources, assets, and manifest. To ensure the integrity and authenticity of these applications, Android employs digital signatures. These signatures serve as a crucial security mechanism, verifying that an app has not been tampered with since it was published by the developer and confirming the identity of the developer. Over the years, Android’s signature schemes have evolved, moving from the basic JAR signing (v1) to more robust whole-file protection (v2) and finally incorporating key rotation capabilities (v3). While these advancements have significantly bolstered Android’s security, understanding their underlying mechanics also reveals potential areas where verification could be challenged or exploited under specific conditions.

APK Signature Scheme v1: The Original Standard (JAR Signing)

The first iteration of Android’s signing scheme, APK Signature Scheme v1, is essentially standard JAR signing. It involves signing individual entries within the APK’s ZIP archive. A manifest file (META-INF/MANIFEST.MF) lists all files and their respective SHA1 hashes, which are then signed. This scheme offers file integrity at a granular level. However, v1 has a significant drawback: it does not protect against modifications outside the signed content. Specifically, attackers can inject new files into the APK or modify existing files that are not listed in the manifest, potentially bypassing verification if the package manager only checks the signed entries or if the modifications are done after the signed portion. Furthermore, v1 does not protect against changes to the ZIP metadata.

APK Signature Scheme v2: Whole-File Integrity and Its Nuances

Understanding the APK Signing Block and Merkle Tree

Introduced with Android 7.0 (Nougat), APK Signature Scheme v2 was a significant leap forward. Unlike v1, v2 signs the entire APK file as a single blob. It achieves this by introducing an “APK Signing Block” located between the APK’s contents and the ZIP Central Directory. Inside this block, a Merkle tree is constructed over the entire contents of the APK file (excluding the APK Signing Block itself). The root hash of this Merkle tree is then signed. This mechanism ensures that any modification to the APK file, whether to its contents, metadata, or even the addition of new files, will invalidate the v2 signature. This provides much stronger integrity guarantees, making it far more difficult to tamper with an APK without detection.

To verify a v2 signature and inspect its details, you can use the Android SDK’s apksigner tool:

apksigner verify --verbose my_app.apk

The output will detail the signing certificate, digests, and verify the integrity of the APK according to v2 rules.

The “Append Data” Vulnerability Concept

While v2 provides robust whole-file integrity, early discussions around its implementation sometimes explored edge cases related to how different systems might interpret extraneous data. The core idea for a conceptual “bypass” revolved around appending arbitrary, unsigned data *after* the APK Signing Block and the ZIP Central Directory. Since this data would be outside the structured components that v2 explicitly hashes, it *might* be ignored by certain, less strict parsers or older Android versions, while a robust `apksigner` would correctly flag it.

Consider this theoretical manipulation:

# Create a dummy payload or malicious script
echo "console.log('Malicious payload executed!');" > injected_script.js

# Append it directly to the APK file. This will corrupt the ZIP structure.
cat my_app.apk injected_script.js > my_app_modified.apk

If you then try to verify my_app_modified.apk with a modern `apksigner`:

apksigner verify my_app_modified.apk

The expected output from `apksigner` would be a clear failure, indicating that the ZIP Central Directory was not found at the expected location or that the file is corrupt. This demonstrates that `apksigner` is robust. However, the theoretical vulnerability discussed previously was that some *non-standard tools* or *highly permissive older Android versions* might attempt to parse the APK, find the valid v2 signature in its expected block, and ignore the trailing garbage data, leading to a false sense of security or unexpected behavior. This is less a cryptographic bypass and more an exploitation of parser tolerance.

APK Signature Scheme v3: Key Rotation and Lineage

How v3 Extends v2

Introduced with Android 9 (Pie), APK Signature Scheme v3 builds upon v2 by adding support for key rotation. This is a critical security enhancement, allowing developers to change the signing key used for their app without losing app upgrade continuity. V3 achieves this by incorporating a “proof-of-rotation” block within the APK Signing Block. This block contains the signatures of all previous signing certificates in the app’s lineage, linking them together in a cryptographically secure chain. When an app is updated, the system can verify that the new signing key is a legitimate successor to the old one, preventing an attacker from signing a malicious update with a compromised older key.

Verifying a v3 signed APK:

apksigner verify --verbose --print-certs my_app_v3.apk

The verbose output would show the signing certificates and potentially the proof-of-rotation block details if present.

Exploiting Key Rotation (Conceptual)

The primary security benefit of v3 is preventing malicious key rotation or downgrade attacks. A conceptual vulnerability would arise if a system or a custom app update mechanism *failed to properly validate the proof-of-rotation chain*. For instance, if an attacker managed to compromise an older signing key from an app’s history, and the system was configured to accept *any* valid key from the past (instead of enforcing the strict chain of trust), then the attacker could sign a malicious update using the compromised old key. However, the Android framework’s built-in package manager rigorously enforces the proof-of-rotation, making this scenario highly improbable under normal circumstances. Any “exploitation” of v3 would likely stem from a custom, insecure update implementation rather than a flaw in the scheme itself.

It’s important to differentiate between actual vulnerabilities in the signature scheme (which are rare and quickly patched) and vulnerabilities in how APKs are handled by the system or third-party tools, which can sometimes lead to an effective “bypass” of intended security measures.

Practical Demonstration: Modifying and Verifying APKs

Let’s illustrate how simple modifications can impact verification, even if modern `apksigner` is robust.

Tools for Inspection and Modification

  • apksigner: For verifying APK signatures.
  • zip / 7z: For manipulating ZIP archives.
  • A hex editor (e.g., xxd, HxD): For low-level file inspection.

Step-by-Step Append Example (Using a valid ZIP feature)

Instead of appending arbitrary garbage that corrupts the ZIP, let’s look at adding data that *is* technically valid within the ZIP specification but would have been problematic for v1, and how v2/v3 handle it.

  1. Choose an APK: Get any signed APK file (e.g., from an emulator or a legitimate source).

  2. Add a ZIP Comment: The ZIP format allows for a global comment field at the very end of the archive, after the Central Directory. For v1, this could be modified without invalidating signatures of individual entries. For v2/v3, this modification *should* invalidate the whole-file signature.

    # Original APK (replace with your APK's path)
ORIGINAL_APK="my_app.apk"

# Create a new APK with an added ZIP comment
zip -z "${ORIGINAL_APK}" <<< "This is an added comment which is outside the signed region for v1"

    This command adds a comment. Now, let’s verify.

  3. Verify with apksigner:

    apksigner verify --verbose "${ORIGINAL_APK}"

    Expected Outcome: If the APK was originally signed with v2 or v3, apksigner will report that the v2/v3 signature is **invalid** due to the file modification (the added ZIP comment changed the overall file hash). However, if the APK was *only* v1 signed, the v1 signature might still appear valid, illustrating v1’s weakness.

  4. Attempt Installation (Conceptual): On modern Android, an APK with an invalidated v2/v3 signature would refuse to install. However, the historical context of these

    Android Mobile Specs & Compare Directory

    Are you researching mobile hardware properties, processor SoCs, GPU chipsets, or RAM configurations? Access our complete specs catalog to compare up to 5 devices side-by-side!

    Compare Devices Specs →
Google AdSense Inline Placement - Content Footer banner
Tags: #Android Security #APK Signing #Mobile Security #Reverse Engineering #Vulnerability Research

Related Technical Guides

Mastering Smali: A Deep Dive into Opcodes for Android App Runtime Modification

May 29, 2026

Case Studies: Real-World Vulnerabilities Found via AndroidManifest.xml Analysis

May 29, 2026

Troubleshooting Dynamic Code Loading Issues: Debugging DexClassLoader Failures in Android RE

May 30, 2026