Skip to content

use apksigtool instead of androguard for diffing APK Signing Blocks?

69c125e4 added support for using androguard to show differences in the blocks in the APK Signing Block of an APK, closing #246 (closed).

As of today, the apksigtool code should be in decent shape (and have a stable API), at least for parsing (and cleaning) APK Signing Blocks (I wouldn't trust verification just yet, I'm not a cryptographer, and I don't know if signing will be implemented at all yet).

I intend to release a new version v0.5.0 to PyPI "soon" (it should be ready but could use more testing, help welcome) and hope to package it for Debian as well (for which I'll need a sponsor).

At that point it might be useful to switch to using apksigtool instead of androguard (when available), since it can provide a lot more detailed information about what's actually in there instead of just a binary diff.

Suggestions for (API) improvements that would be useful to diffoscope are of course very welcome :)

cc @eighthave

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information