Reputation: 11
How to make rebuilding of apk (without modifications) give the same checksum for the apk
When doing a software release for my company, it is a requirement that all code/files used in the build of that release be tagged/archived in our version control system (git). Then that tag can be used to regenerate the release artifacts as/if needed. Part of this requirement is that the release artifacts have to have the same md5 checksums when rebuilding the code.
Recently we have developed an Android application that creates an apk file (release artifact). However if you compile the Android app twice in a row without any modification it results in the apk file md5 checksum to be different for each build even though nothing changed.
I found this MD5 checksums of Android APK files differ. Why? that explains why the rebuilds of the apk files differ (because of zip file format storing last modification date inside its headers).
But what I need to know or at lease get help with ideas, is how to resolve the issue so that rebuilds of the same code/files result in getting the apk file generated having the same md5 checksum as before.
For reference, we are using Android Studio/gradle to build the apk.
Also we already have a 'zip-date-modifier' program that we created, that already sets zip/jar file dates to an arbitrary date. It is a part of our build process when creating zips/jars for other applications to run on the release artifacts at the end of the build process so that they all have some arbitrary date/time that is always the same (1980-01-01 00:00:00). That way they always have the same md5 checksum on rebuilds.
However when running zip-date-modifier on the apk after a rebuild, the apk md5 checksum still does not match previous build checksum. This makes me think that perhaps there are still other differences within the apk besides just the zip file format header.
Any ideas/suggestions on why this is? Or any thoughts/ideas on how to get the same md5 checksums for an apk on rebuild?
Many thanks!
P.S. I am very new to Android development and Gradle. My experience to date is mostly with C/Ant and Java/Maven.
Upvotes: 1
Views: 671
Answers (1)
Reputation: 11
I meet the same issue, and found it may caused by signingConfig, if config it as null, the rebuild apk's checksum is same, but still not sure how to make it happen when signingConfig is configured.
Upvotes: 1
Related Questions
- APK checksum- Binary Code Protection
- Verify Android apk has not been repackaged?
- Gradle same checksum for repeated build
- Decompile a signed apk, modify and recompile usiing different keystore than that of the original signed apk?
- How to generate same SHA1 for updated apk?
- Android app calculating its own MD5 checksum
- How to rebuild apk after modifying/instrumenting its bytecode?
- Duplicate has different MD5 checksum
- MD5 checksums of Android APK files differ. Why?
- How to generate a checksum for each installed application