Janus vulnerability fix for android application

 Janus vulnerability android 

 

Step 1: Take debug Build from the android studio: 

Step 2: Make it an unsigned apk with debug.apk using zip align 

C:\Users\--\AppData\Local\Android\Sdk\build-tools\32.0.0\zipalign -v -p 4 app-debug.apk my-app-unsigned-aligned.apk 

 

  

  

Step 3: Make it a signed apk using the release keystore with unsigned apk 

C:\Users\--\AppData\Local\Android\Sdk\build-tools\32.0.0\apksigner.bat sign --ks sample.jks --out my-app-release.apk my-app-unsigned-aligned.apk 

  

 Step 4:  Now, We can see that v1, v2, and v3 have verified status 

C:\Users\hello\AppData\Local\Android\Sdk\build-tools\32.0.0\apksigner.bat verify --verbose my-app-release.apk 

  

 

  

Step 5: Make a v4 Signature using the below comment 

C:\Users\hello\AppData\Local\Android\Sdk\build-tools\32.0.0\apksigner.bat verify -v -v4-signature-file my-app-release.apk.idsig my-app-release.apk 

  

 

 

 

 

NOTE: Make sure to use the latest JDK 

Reference: 

https://android.stackexchange.com/questions/239313/apk-signature-scheme-v4-cant-be-verified-with-apksigner  

https://stackoverflow.com/questions/59248088/how-can-i-sign-my-app-with-apk-signature-scheme-v3-and-v4 

 

https://medium.com/mobis3c/exploiting-apps-vulnerable-to-janus-cve-2017-13156-8d52c983b4e0  

 

 

Comments

Post a Comment

Popular posts from this blog

Your build is currently configured to use incompatible Java 21.0.3 and Gradle 8.2.1. Cannot sync the project.

Image
  Facing issues with Gradle and Java compatibility in Android Studio?  ðŸš¨ In my latest video, I walk you through a common error that many Android developers encounter: "Your build is currently configured to use incompatible Java 21.0.3 and Gradle 8.2.1. Cannot sync the project." I’ll show you how to fix the incompatibility issue by configuring  Java 17  for  Gradle 8.2.1 , ensuring smooth synchronization for your Android project. 🔧  Step-by-step solution: Identifying the problem Correctly configuring Java 17 for Gradle Syncing your Android project without errors This is an essential fix for any Android developer working with Gradle and Java. If you’re stuck with this error, this tutorial is for you! 📺  Watch the full tutorial here :
Read more

Google Assistant Implementation in Android application with app actions

Image
  Process flow to create app action in android native: Step 1) Create action.xml with Built-In Intent and defined in androidmanifest.xml Step 2) Create deep link through firebase dynamic link SDK Step 3) Map the Deeplink with built-in Intent in android action.xml Step 4) Create the application in Playstore Step 5) Upload the signed apk in Playstore as save in draft Step 6) Open the app action testing tool from latest android studio after upload the apk in playstore Step 7) Login the same google account in playstore, android studio and android device Step 8) Make sure the check the same Locale language (en-Us) in Android device and action testing tool   Built-In Intent & Sample Query: actions.intent. OPEN_APP_FEATURE           - Open History in <innovationName>           - Open sale in <innovationName>         ...
Read more