0

I'm trying to do the following things to an Android app without root access:

  1. De-compile the apk with adb d xxx.apk (done)
  2. Modify some files in /res/xml/ (done)
  3. Re-build the apk with adb b xxx (done)
  4. Sign the apk (keytool + zipalign + apksigner)
  5. Downgrade with adb push xxx.apk /data/local/tmp/ & adb shell pm install -r -d /data/local/tmp/xxx.apk

I'm able to sign the apk with my own keypair, but I don't want to uninstall & re-install the apk to install the modified version -- I want to downgrade the original app to preserve the data.

However, step 5 produces:

Failure [INSTALL_FAILED_UPDATE_INCOMPATIBLE: Existing package xxx signatures do not match newer version; ignoring!]

It seems like downgrade app's old & new version must have the same signature. Is there anyway to bypass this check, or solve this situation?

I read this question: How do I force reinstallation of an apk with different signature on rooted Android? ... but it requires root access.

TaihouKai
  • 1
  • 2
    Related: Does adb install do APK signature verification?. You are trying to circumvent the security model on Android so root access is generally a starting point. – Morrison Chang Nov 20 '23 at 04:47
  • @MorrisonChang Thank you for your reply (and previous reply ;) ). I do understand the situation, but I've used some commercial software (e.g., Cellebrite UFED) which are able to do the exact thing without root (Cellebrite UFED Apk Downgrade), and so I'm curious about how it could do this. There should be a way (either "legitimate" or "illegitimate" -- e.g. security vulnerability) to do so...? – TaihouKai Nov 20 '23 at 04:54
  • 1
    I watched the video for "Cellebrite UFED Apk Downgrade" and they called it a 'last resort option' for Android 12 forensics. My guess is that they are doing an APK backup and then using a older publisher signed APK which has some vulnerability to extract the data. I would also not rule out root access vulnerabilities. If you do want to find such 'vulnerabilities' that would depend on the device/ROM version and unlikely to be public for recent devices due to the security implications via governments/corporate espionage/forensics companies. – Morrison Chang Nov 20 '23 at 05:15
  • Ah.. so they save a list of supported apps which had a vulnerable old official version, and downgrade to that. This makes sense, since I actually tried Cellebrite apk downgrade on my own device, which is running the newest android os build on Samsung S22U, which should not have any os/hardware/kernel level vulnerability. – TaihouKai Nov 20 '23 at 05:20
  • Per my link in the comments on @Izzy answer indicate the adb backup is deprecated on Android 12 although it is unclear if that is just on PC side or also on device side as well, so a modified adb server may work for data backup. Generally the more recent the version of Android the more hardened it has become. – Morrison Chang Nov 20 '23 at 05:35
  • 2
    @MorrisonChang To my knowledge the adb backup restrictions exist on Android 12 on device side and are triggered by the app targetSDK version: See my answer on that topic: https://android.stackexchange.com/a/231237/2241 – Robert Nov 20 '23 at 08:26

0 Answers0