don't run apktool when differences are in APK signing block only?
Diffing 2 APKs with differences in the signing block only is quite slow since it runs apktool for nothing (which takes almost 2 minutes on my fairly fast laptop for 2 ~7MB APKs).
Maybe we can e.g. use apksigcopier (if available) to compare the APKs (modulo signing block) and only run apktool when they are not "equal"?
Unfortunately, apksigcopier compare doesn't work for all APKs (e.g. if they don't have a valid signature or were not signed with apksigner).
Might get a bit complicated, but we could ignore signature validity and just compare the APKs bitwise, but skip over the signing block; this does require adjusting the offsets in the ZIP CD/EOCD when the signing blocks differ in size though.
Which reminds me I recall seeing some errors in diffoscope output when apksigner fails to verify an APK; IIRC I had to rename to .zip to make it work.
cc @eighthave
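
A sketch of the bitwise comparison that skips the signing block, as proposed above. This is an added example, not code from diffoscope or apksigcopier; the function names are hypothetical, and it assumes a non-ZIP64 archive whose ZIP comment does not contain the EOCD signature.

```python
import io
import struct
import zipfile

EOCD_SIG = b"PK\x05\x06"
SB_MAGIC = b"APK Sig Block 42"

def normalise(data):
    """Split an APK into (entries, central directory, EOCD), dropping the signing block."""
    eocd = data.rfind(EOCD_SIG)  # assumption: signature does not occur in the ZIP comment
    if eocd < 0:
        raise ValueError("no end-of-central-directory record")
    (cd_off,) = struct.unpack_from("<I", data, eocd + 16)
    end = cd_off  # end of the ZIP entries when no signing block is present
    if cd_off >= 32 and data[cd_off - 16:cd_off] == SB_MAGIC:
        (sb_size,) = struct.unpack_from("<Q", data, cd_off - 24)
        end = cd_off - (sb_size + 8)  # size field excludes its own leading copy
        if end < 0 or struct.unpack_from("<Q", data, end)[0] != sb_size:
            raise ValueError("malformed APK Signing Block")
    # Local-header offsets in the CD point before the block, so only the EOCD's
    # "offset of central directory" field depends on the block's size.
    fixed_eocd = data[eocd:eocd + 16] + struct.pack("<I", end) + data[eocd + 20:]
    return data[:end], data[cd_off:eocd], fixed_eocd

def equal_modulo_signing_block(a, b):
    """True when two APKs differ at most in their APK Signing Block."""
    return normalise(a) == normalise(b)

def add_block(zip_bytes, payload):
    """Constructed test helper: insert a fake (unverifiable) signing block."""
    eocd = zip_bytes.rfind(EOCD_SIG)
    (cd_off,) = struct.unpack_from("<I", zip_bytes, eocd + 16)
    size = struct.pack("<Q", len(payload) + 24)  # payload + trailing size + magic
    block = size + payload + size + SB_MAGIC
    tail = struct.pack("<I", cd_off + len(block)) + zip_bytes[eocd + 20:]
    return zip_bytes[:cd_off] + block + zip_bytes[cd_off:eocd + 16] + tail

def make_zip(content):
    """Constructed sample input: a deterministic one-entry archive."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr(zipfile.ZipInfo("classes.dex", (2020, 1, 1, 0, 0, 0)), content)
    return buf.getvalue()

if __name__ == "__main__":
    base = make_zip(b"dex-bytes")
    a, b = add_block(base, b"A" * 100), add_block(base, b"B" * 4000)
    print(a == b, equal_modulo_signing_block(a, b))
```

A match here only says the signed content is byte-identical; it does not check that either signature verifies.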