I have had an issue with Android apps on non-rooted phone not allowing you to access their files, or use the adb tool “run-as.”
This is a short guide on how to take a retail android APK, unpack it, edit the Manifest files, and then repack it and sign it. As I did not find the exact way to do this for Android 12, I wanted to publish them here.
This is a remix of older guides that have not been updated to Android 7.0+.
This has been updated, and I have tested it on Android 12.
The steps are the following:
Start with getting the APK. You can get the APK anyway you want. Here adb is used to pull an APK file from and existing phone.
List all packages on the device. Replace “mypackage” with the name of the app you want.
$ adb shell pm list packages -f -3 | grep mypackage
Pull the one that you want. Replace “com.mypackage.apk” with the name of the app from the last command.
$ adb pull /data/app/com.mypackage.apk
Once the APK is pulled from the phone, extract it (unzip works as well):
$ apktool d -o output-dir com.mypackage.apk
You now have a folder with the contents of the app. The file AndroidManifest.xml
has most of the the “goodies” that you would want to change.
For my needs, I changed the AndroidManifest.xml
node, add added following xml attribute to the application
xml node.
This change allows you to run an ADB shell with the permissions of the app (among other things).
android:debuggable="true"
One you have changed any files and Manifest, put the app back together with apktool:
$ apktool b -o com.mypackge.repack.apk output-dir
Android needs you to sign all packages. This is where older guides failed me, as newer versions need “APK Signature Scheme v2”
Androids signing is interesting, as it accepts self signed no issue. The signing is meant to limit who can update the app.
Make a new key store with Java
$ keytool -genkey -v -keystore resign.keystore -alias repackapps -keyalg RSA -keysize 2048 -validity 10000
Use a tool called “Uber Apk Signer” and not jarsigner. jarsigner only works for android 7.0 and bellow.
java -jar uber-apk-signer-1.1.0.jar -a com.mypackge.repack.apk -ks resign.keystore -ksAlias repackapps -o com.mypackge.repack.signed
The APK called com.mypackge.repack.signed.apk
should be signed, and can be installed via adb install com.mypackge.repack.signed.apk
.
Depending on the version of the tool, the APK may be in new folder in the directory.
If the app is “debug-able”, you can also now use the ADB command: adb shell run-as ls /data/data/com.mypackage/
and have a shell with the permissions of the app.
If you need to copy files over, that belong to the app, then you can use some ‘dirty’ tricks like:
cat database.sqlite | adb shell run-as com.mypackge dd of=/data/data/com.mypackge/databases/database.sqlite