Malformed APK zip header?
26 views
Skip to first unread message
Eric Cloninger
Jan 24, 2012, 6:54:54 PM1/24/12
to adt...@googlegroups.com
We had someone send an app to our team this week with some problems.
The app, which was *not* exported, had several problems. One thing I
found interesting, there was a folder in the ZIP header called "..",
so I followed it. Eventually, I found a folder 3 levels above the
manifest named "src" and then some folders under that. This is valid
in ZIP and the app installed in on my phone. I also installed it on
the emulator and it doesn't appear that the presence of the
../../../src folder does anything negative, but I would think the
build chain would prevent this somehow.
The app, which was *not* exported, had several problems. One thing I
found interesting, there was a folder in the ZIP header called "..",
so I followed it. Eventually, I found a folder 3 levels above the
manifest named "src" and then some folders under that. This is valid
in ZIP and the app installed in on my phone. I also installed it on
the emulator and it doesn't appear that the presence of the
../../../src folder does anything negative, but I would think the
build chain would prevent this somehow.
Bug, works as designed, or nothing to see here?
-E
Manfred Moser
Jan 24, 2012, 7:28:10 PM1/24/12
to adt...@googlegroups.com
Could be a different build chain creating the app..
Eric Cloninger
Jan 24, 2012, 8:52:19 PM1/24/12
to adt...@googlegroups.com
I have a question out to the dev to ask them how they built it.
Decompiling the app shows the usual stuff in terms of resources, but I
haven't decompiled the code parts with smali to see if it looks like
standard Java lifecycle stuff. I'll dig into it a little deeper.
Decompiling the app shows the usual stuff in terms of resources, but I
haven't decompiled the code parts with smali to see if it looks like
standard Java lifecycle stuff. I'll dig into it a little deeper.
Good idea. Thanks, Manfred.
-E
Reply all
Reply to author
Forward
0 new messages