Janus vulnerability fix for android application

 Janus vulnerability android 

 

Step 1: Take debug Build from the android studio: 

Step 2: Make it an unsigned apk with debug.apk using zip align 

C:\Users\--\AppData\Local\Android\Sdk\build-tools\32.0.0\zipalign -v -p 4 app-debug.apk my-app-unsigned-aligned.apk 

 

  

  

Step 3: Make it a signed apk using the release keystore with unsigned apk 

C:\Users\--\AppData\Local\Android\Sdk\build-tools\32.0.0\apksigner.bat sign --ks sample.jks --out my-app-release.apk my-app-unsigned-aligned.apk 

  

 Step 4:  Now, We can see that v1, v2, and v3 have verified status 

C:\Users\hello\AppData\Local\Android\Sdk\build-tools\32.0.0\apksigner.bat verify --verbose my-app-release.apk 

  

 

  

Step 5: Make a v4 Signature using the below comment 

C:\Users\hello\AppData\Local\Android\Sdk\build-tools\32.0.0\apksigner.bat verify -v -v4-signature-file my-app-release.apk.idsig my-app-release.apk 

  

 

 

 

 

NOTE: Make sure to use the latest JDK 

Reference: 

https://android.stackexchange.com/questions/239313/apk-signature-scheme-v4-cant-be-verified-with-apksigner  

https://stackoverflow.com/questions/59248088/how-can-i-sign-my-app-with-apk-signature-scheme-v3-and-v4 

 

https://medium.com/mobis3c/exploiting-apps-vulnerable-to-janus-cve-2017-13156-8d52c983b4e0