-
Notifications
You must be signed in to change notification settings - Fork 96
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Samsung Notes APK broken by Racoon? #125
Comments
For different devices you may be able to download different versions of Samsung Notes from Google Play Store. The nice point on APKs is that if you have one APK from a source you trust and a second from an untrusted source you can verify the APK signature and if they both use the same signature you have a cryptographic proof that untrusted APK is also trusted. So instead of fiddling around with modifications of your GSI image to make it more Samsung I would simply use |
Thank you for the quick reply, you're awesome! Yes, the results are the same on both, you are correct. APKMirror Version Samsung Notes: com.samsung.android.app.notes_4.4.10.57-441057000_minAPI23(arm64-v8a,armeabi,armeabi-v7a)(nodpi)_apkmirror.com Racoon Version Samsung Notes: com.samsung.android.app.notes-440724000.apk
But, when I extract both apks I can clearly see that almost every file in the APKMirror version is slightly bigger than the official Racoon downloaded version. Every text file, folder structure and even the AndroidManifest.xml is slightly or significantly bigger. The APK Mirror version also has some additional files that are missing in the official version. So I don't understand why the verity checks out, but I still don't want to use it. Do you know why the APKMirror version works and what changes had to be made to achieve this? I would even be willing to pay for the answer, because if it's possible, I would rather just modify the official version downloaded by Racoon. |
Another thing I would like to mention is these warnings, which include files that aren't protected by the signature.
|
In my understanding APKMirror is an managed APK sharing site, so people can upload and download APKs and then some admins and/or an automated process decided if the uploaded APK is published. In addition they describe that cryptographic signatures are checked for apps they already have in their catalog, so accepting a new version is a bit similar to the update process Android performs when an update APK i installed. In your warning output you unfortunately removed an important information: Those warnings are only relevant for APK v1 signatures (jarsigner signatures). That is one of the reasons Google introduced APKv2 and v3 signatures. Recent Android version (11+) do no longer consider APKv1 signatures as sufficient. I am not sure if they only check it in addition to an v2 /v3 signature or totally ignore it. So APKv1 is only for Android 6 and lower. |
Ah I see, so the APKMirror version is just updated, but still authentic due to the signature. Thank you. Most of the apps downloaded by Racoon are split in multiple apks. Mostly there is a base apk and various config apks. But the same app on APKMirror is always available in a single apk. On the raccoon website this is mentioned, saying that split apks can be reverse engineered and combined into a single apk. My question is how it is possible for APKMirror to do this while still having it signed? Take the app Squid for example. Latest version of Squid downloaded by Raccoon:
Latest version of Squid from APKMirror (same signature): How is this possible? I've been going crazy building AOSP while trying to include these split apks of Squid as a system app with |
Usually split APK files only have advantages for Google and the Android users (less used bandwidth, not wasting space on the phone for code, images, layouts... you will never use). Only app downloaders prefer all-in-one-APK files as they are easier to handle. Technically you can combined multiple split APK files into one APK, but the created APK file will never be properly signed. So they have to get those APK files directly as they are. |
Apologies for the off topic question, but since I have the APK masters here I thought I'd give it a shot.🙏 I need to get Samsung My Files working on my Samsung Tab S6 running AOSP 13. To make Notes work I had to copy some files from my stock Samsung firmware over to AOSP. I remember that Notes crashed instantly as well before I ported the files above. Is there a similar set of files that needs to be copied in order to allow MyFiles to work? |
Sorry but I can not help you on that topic as I don't use Samsung devices. In the end my recommendation is to stay with your Samsung stock ROM or migrate to a generic non-Samsung specific notes app if you want to use custom ROMs. |
Hello!
Device: Samsung Galaxy Tab S6 / SMT860
ROM: AOSP 13 GSI
After installing the Samsung Notes APK from Racoon, the app instantly crashes when opening.
com.samsung.device.jar
has been placed in system/framework andcom.samsung.device.xml
in system/etc/permissions to ensure the apk installs correctly and is compatible.APKMirror's version of Samsung Notes works, though.
I compared both apks and noticed that the APK Mirror version has a bunch of modifications.
I don't want to use APKMirror, could you help me find out what changes need to be made so I can install the official APK from Racoon?
Thanks! 🙏
The text was updated successfully, but these errors were encountered: