How to modify a compiled Android application (.apk file)
Today I’d like to share with you my findings about how an existing .apk file can be modified.
An .apk file represents the mobile application as it is installed on a mobile device, like smartphone, tablet, wearable, etc.
Such an .apk file is a simple archive that can be opened with any packager like e.g. WinRAR
So you can easily open it and view the files – although viewing most of the files won’t make you happy, because you’ll realize that they’re compiled, in binary format, etc
… but this is a different story.
Anyways, you can open the archive and then modify any resource file and save the modification in the archive.
But if you afterwards try to install the .apk on the smartphone (or tablet or similar), you’ll get an error.
The following screenshot displays the error when installing the modified sample application myApp.apk on an Android device:
The reason is that after the modification, the checksum and the signature are not valid anymore.
Thus, simply changing an .apk file is not possible.
However, there’s still the valid use case to modify or replace files inside an existing .apk.
– files which are placed in the assets folder
– property files containing configuration data
– images which can be replaced
– styling information resources
My personal use case was:
I had created an Android application using SAP Netweaver Gateway Productivity Accelerator.
I had to deliver the application to my users as .apk file.
But there was the requirement that they wanted to modify the ready application (change configuration data).
So I had to figure out how to achieve that: modify the app without having access to the source code.
Below, I’m sharing the required steps with you.
The description is based on the following software and versions:
Android current API 19
If you aren’t familiar with Android, but wish to be, you might want to check the documents  and 
All prerequisites for understanding this blog are explained there.
In order to execute the commands described below, you need to have Java on your PATH variable of your Windows system (see  for an explanation).
There are 3 steps that need to be followed in order to modify an existing .apk file:
1. Do the actual desired modifications inside the .apk file
2. Sign the .apk
3. Install the .apk on the device
1. Change the resource in the .apk
Open the .apk file with WinRAR (if that doesn’t work, rename the file extension .apk to .zip)
Change the resource in the archive as desired (packager tools allow to change files without the need to extract the archive)
Once you’re done with your changes, you have to take care about the signature files that are part of the .apk:
Inside the archive, go to folder META-INF
Delete the existing *.RSA and *.SF files
The following screenshot displays the content of the META-INF folder in an .apk file:
Now the archive can be closed.
In case you had changed the file extension before, you now have to change it back to .apk
2. Sign the .apk
Android doesn’t allow to install an application (apk) that isn’t signed.
When developing an app in Eclipse, the ADT (“Android Developer Tools”, the extension to Eclipse that supports development for Android) takes care of signing the app with a default certificate, before installing in on the device.
That’s comfortable, but with the following description, everybody is able to sign an application.
Signing the .apk is done in 2 steps:
a) create the certificate
b) sign the .apk with the created certificate
Both steps are done with commands on the command line
a) Generate a certificate
If you’re working in a Java environment, you have the JDK on your file system.
The JDK comes with a tool to manage certificates: the keytool.
You can find it in the …/bin folder of your JDK installation.
On my machine it is here:
Now you can generate a certificate using below command.
However, before executing it, please check the notes below, in order to adapt the parameters
keytool.exe -genkey -v -keystore <myKeystore> -alias <myAlias> -sigalg MD5withRSA -keyalg RSA -keysize 2048 -validity 1000
Please note that you have to adapt some of the parameters of the above command to your personal needs:
Here, you can provide an arbitrary name for your keystore.
The name that you provide here will be the name of the keystore-file that will be created.
The file will be created in the current directory.
(I haven’t tried it, but probably you can enter the name of an existing keystore file, in order to store the new certificate there)
Here as well, you can provide an arbitrary name for the alias.
It is meant for you to recognize it.
The alias is the human readable name of the certificate which will be created and stored in the keystore.
This is the number of desired days.
You can enter any number you wish.
I think it should be high enough in order to avoid trouble with expiration.
Note that the parameters sigalg and keyalg are required by JDK 7, so it shouldn’t be necessary to add them if you’re using JDK 6
keytool.exe -genkey -v -keystore mykeystore -alias myAlias -sigalg MD5withRSA -keyalg RSA -keysize 2048 -validity 10000
When executing the command, you’ll get several prompts on the command line, asking for password, username, organization, city, etc
You can enter any arbitrary data here, you only have to make sure to remember the password.
After you’ve executed the command, you’ll see the generated keystore file on your file system in the current directory (from where you’ve executed the command)
Now you can proceed with signing the .apk using the newly created certificate.
b) Sign the apk
Before signing the .apk file, you have to make sure that there are no certificates available in the .apk.
This is described in step 1 above.
For signing an archive, we use the jarsigner tool, which is provided with JDK, and which can be found in the same location like the keytool.
The following command is used for signing an apk.
jarsigner -verbose -sigalg MD5withRSA -digestalg SHA1 -keystore <keystoreName> <appName> <alias>
Please note that you have to adapt some of the parameters of the above command to fit your personal needs:
Here you have to enter the name that you have given in the previous step a)
In order to keep the command line short, I recommend to temporarily copy the keystore file to the same location where you’re executing the command.
Here you have to enter the name of the apk file which you want to sign
In order to keep the command line short, I recommend to temporarily copy the .apk file to the same location where you’re executing the command.
Here you have to enter the name of the alias that you’ve provided when generating the certificate
Note that the parameters sigalg and digestalg are required by JDK 7, so it shouldn’t be necessary to add them if you’re using JDK 6
jarsigner -verbose -sigalg MD5withRSA -digestalg SHA1 -keystore mykeystore myApp.apk myAlias
After you’ve executed the command, you can check the result inside the .apk file:
Open the archive, go to the folder …/META-INF and check if the files CERT.RSA and CERT.SF have been created.
3. Install the apk on the device
Now that the .apk file is signed, you can install it on your device.
BTW: This procedure is also called side-load.
For Android applications the installation is done on the command line, using the adb command.
adb stands for Android Debug Bridge
adb.exe is a piece of software that connects the PC with the Android device.
It allows access to the device, allows to trigger operations, transfer files, etc.
In order to install the .apk on the device, you have to connect the device to your PC via USB cable,
then execute following command
adb install <appName>
In order to keep the command line short, you can temporarily copy the apk file to the same location where you’re executing the command.
adb install myApp.apk
The result should be “success” message on command prompt.
If not, any of the previous steps may have failed.
You can find the application in the apps folder of your smartphone.
This procedure worked for me on WIN7 and JDK 7.
It wasn’t required to rebuild the app, nor to generate new checksum or similar.
Please refer to the following documents for lot of information for beginners.
They also contain lots of additional links for further reading.
 Getting started with GWPA: Prerequisites: http://scn.sap.com/docs/DOC-52235
 Getting started with GWPA: Android Preparation: http://scn.sap.com/docs/DOC-52371
The official docu can be found here: http://developer.android.com/tools/publishing/app-signing.html
Thanks a lot carlos.
I had the same requirement and was unable to install apk on sumsung device after repack apk.
But your steps helped me to get through this problem.
Thanks Vinay, good to know, and I'm glad that it helped you! 😉
I try to it and gone some steps successfully but when I go to open keytool.exe file, its open and close automatically so please guide me how i edit it.
And I want to edit a video clip in android app. so guide me how i edit it.
I am waiting your responce
Thank you for sharing this information .
thanks for the info =)
Great information about apk android app.
Thanks for Sharing
this is great tutorial about modifying an apk file, it helped me
thanks for sharing
Thank you, Carlos, for sharing this informative post with us as I am using google pixel though I was facing a problem with installation in a .apk file on my device with the help of your tutorial my problem is finally fixed.
glad that it helped you, John 😉
Thanks for sharing such a good information with us ..
This is a great tutorial about modifying an apk file, it helped me a lot, thanks for sharing.
Thanks for your comment, Former Member
I have an android project which is complete made on firebase. All of the code is written on the client side that is the app itself.
What if someone decompiles my apk apk modify my code/logic and recompile it again? Will he be able to connect to my firebase project?
Does the SHA1 fingerprint changes when anyone modifies the apk?
Hope to get a reply soon.
I think you don't need to worry too much, there's not more danger than to any other compiled software.
I mentioned above that the described procedure is only applicable for changing resource files, not code.
Thanks! But does the SHA1 fingerprint change when someone modifies the code?
I haven't tried it, I can only assume that yes
Thank you so much, it worked like a charm! 🙂
Great, Maxime, good to know that ! 😉
thanks alot , this worked but i have a problem
before editing my app it was linked to admob google ad service and adds were apparing on app but after editing my app (i only changed a source image file) the adds disappeared. How can i edit my app and keep the adds? . It will be a great help.
Hello Carlos, Thank you for the timely and interesting article… It will be helpful for the user who looking to modify a compiled Android application.
Carlos, I am curious, could you follow this same process and upload the updated APK as an update to a publish app on the google developers console? I am trying to update my app and do not have access to my source code. This would be a great help, thank you!
Hi Bryan, this is a cool idea, but unfortunately I cannot try it.
However, if you find the solution, would be nice to share it here, so others can benefit! Cheers!
Very informative article, I love it when someone bring out his or her time to educate others on tech issues. Nice one bro???
Hi Tech Slips , thanks so much for this nice feedback !!!
Hi Roggan..I am really impressed by your article. This is seem quite interesting, because i get to learn something from your effort.
Nice article.. How if i need modify apk to force using some given http proxy not from android system proxy.
Lets say i have 3 apk, apk1 force using proxy1, apk2 force using proxy2, and so apk3 force using proxy3.
I am beginner at apk development and design. Now i am working on modifying some of the features in voice call apk file of jio4gvoice app. This is the app that are developed by mobile network in india for making Non-VoLTE enabled smartphone VoLTE enabled. I found so many issues belong to this app and review from people on google play store. Now I am trying to fix one of the comment there one person posted.
By reading your post, i have got a clear and exact procedure on how can i able to modify apk file. Now i will make each and every issues posted on the play store and will submit to the company, so i will get a job there.
Thanks a Lot
Great, shajeer AP thanks for the feedback!
Thanks a lot for this information. It was a pleasure to read this article!
Can i Direct message you please