Android signature verification

Question

I have got lot of doubts to be cleared in the case of Android signature verification and its vulnerability.

Once we generate apk for an application we can unpack the apk and edit resource files using apktool. As we repack the edited apk back it loses its signature. I can resign the unsigned apk using the jarsigner with my own private key that i used while generating the apk. I found an application named zipsigner in playstore which can be used to sign such kind of unsigned apk.

So when this zipsigner signs the unsigned apk, whether the apk is signed with my same private key or with a different key? Because my META-INF folder still holds the XXX.SF and XXX.RSA files which holds the information of my private key. If it is with my same private key then the new apk will be an upgrade for my application or if it is a different key i will be having two different applications with same name.

From the above situations there are possibilities that malware could be included in my apk while repacking. There seems to be a loophole in Android's signature verification mechanism where the message digest of the files inside the META-INF folder are not included in the MANIFEST.MF as well as in the XXX.SF file. This creates a possibility for anyone to include malware codes inside these folders, repack the apk and resign it with the zipsigner application.

I was searching for a solution where i can prevent files being added into the META-INF folder and i found one from the below blog. But I'm unable to get the point of the solution. This looks like more of a research topic so there is not much information available in the internet. Can someone try and figure out the solution specified in the blog. The blog link is specified below the question.

http://blog.trustlook.com/2015/09/09/android-signature-verification-vulnerability-and-exploitation/

Answer 1

Reading from the other answers link black hat : APK issues

1. If you keep your private key safe, then only you can sign APKs, and only you will be able to publish them to a given store.
2. Extra information in the META-INF directory is not checked, and validated. This allows extra data to be added to the jar file, which could be used to smuggle information into the APK. But this would not be used by your APK file, and would not cause reputational damage.
3. There is a weakness in the testing algorithm, which means the validity of a certificate is not checked on the device if self-signed.

Data smuggling

Not checking the META-INF file is a side-effect of how the crypto- code works. In order to protect things you need to create a message which uniquely describes the message. This is a hash of the protected data. Unfortunately, the certificate, can't be included in this, as it is added after the hash is calculated. So generally there are places which can be added to without breaking the signature. For windows and .exes, Microsoft's report here:MS13-98. In this case some installers used the unchecked data to choose where to download files from. This made them vulnerable.

Within an X509 certificate, there are unchecked fields. (unauthenticated attributes). Which makes any X509 based solution capable of smuggling data. Your protection, is the local copy you uploaded doesn't have the smuggled values.

If you don't rely on the un-authenticated data in the security directory, then you can't be made vulnerable to it being changed. So best option is to not do it.

Self - signing issue

Self-signing causes some checks to be missed. This allows an attacker to create an updatable package, which purports to be theirs. This is a copyright issue, rather than a security issue, as it is visibly the tampered binary (does not pass the self-signed check).

Is there any way of repacking the apk and signing the application with the same private key?

• The private key is not available within the APK, so it can't be used to re-sign the data.
• The files in the APK (outside META-INF) can not be modified without changing their hash.

whenever the apk is unpacked does it lose its signature information?

Un-packing the APK does not break its signature, and you can re-pack. You can remove items from the APK without breaking the signature. However, it is not possible to change resources, and code without breaking the signature.

Answer 2

1. Private key is never part of a distributed APK, unless I misunderstood your question. Someone else signing on your behalf is not possible unless your own system is hacked.

2. The shared link (blog.trustlook.com) talks about Android skipping checking of files with .sf (and files with related extensions) extensions. So a malware could cloak itself in a file with one of these extensions. The fix mentioned there is an Android "system firmware" fix, not something that can be done at application level. This means, an OEM (Google itself, or Samsung/other) has to release an updated firmware to fix this. Check the latest updates, it might have been fixed already.

3. In my opinion, even if an user sideloads APK's, this is more of a nuisance than a real attack/threat. Refer to the Blackhat paper below for further details - https://www.blackhat.com/docs/ldn-15/materials/london-15-Xiao-What-Can-You-Do-To-An-APK-Without-Its-Private-Key-wp.pdf

You should also read this for potential ways of tamper proofing APK - https://www.airpair.com/android/posts/adding-tampering-detection-to-your-android-app