Hi All,
I was reading about zipalign
(http://developer.android.com/tools/help/zipalign.html). The docs
state:
Caution: zipalign must only be performed after the
.apk file has been signed with your private key. If
you perform zipalign before signing, then the signing
procedure will undo the alignment.
Intuitively, I would expect alignment adjustments and then code
signing, presuming zipalign would modify one or more files in the APK.
Since zipalign occurs after code signing, it tells me there are
non-signed fields in the APK file (or zipalign is a do-nothing
process).
A partially signed APK begs the question, what precisely is signed?
App-Signing (http://developer.android.com/tools/publishing/app-signing.html)
does not cover the topic.
Jeff
--
You received this message because you are subscribed to the Google Groups
"Android Security Discussions" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/android-security-discuss?hl=en.
