hiding data/code in Android APK embedded signatures

FC Stegerman flx at obfusk.net
Tue Jan 31 04:46:04 UTC 2023


We already know that embedded signatures [1] pose a challenge for
reproducible builds.

And it's not too hard to imagine a program detecting which key it's
signed with and changing its behaviour based on that; which I think is
inherently unavoidable.

But the Android APK Signature Scheme v2/v3 [2] actually allows
embedding arbitrary data (or code) in the signing block, meaning that
two APKs with the exact same valid signature -- though not a
bit-by-bit identical signing block -- can behave differently.

I have written about my concerns [3] before, but now I've finally made
a PoC [4] for an Android app that reads the APK Signing block of its
own APK and extracts a payload to alter its behaviour.

Whether the payload is present or not does not affect the validity of
the signature.

Thus we get two APKs -- with an identical valid v1+v2+v3 signature --
but one says "nothing to see here..." when you run it, whereas the
other says e.g. "This is the payload".

- FC

[1] https://reproducible-builds.org/docs/embedded-signatures/
[2] https://source.android.com/docs/security/features/apksigning
[3] https://gitlab.com/fdroid/fdroidserver/-/issues/1056
[4] https://github.com/obfusk/sigblock-code-poc

More information about the rb-general mailing list