Android Application Package
APK is Android's application package format. FileDex provides structural reference and inspection guidance for APK files — no installation or execution is performed.
Android app package. Cross-platform conversion requires recompilation.
أسئلة شائعة
How can I inspect the contents of an APK file without installing it?
Use `aapt2 dump` or Android Studio's APK Analyzer to examine manifest data, resources, and DEX class listings. You can also rename the .apk to .zip and extract it with any ZIP utility, though binary XML files will need decoding. The `apksigner verify` command checks signature validity without installation.
What is the difference between APK and AAB formats?
AAB (Android App Bundle) is a publishing format that Google Play uses to generate optimized APKs for each device configuration. An APK is the actual installable package delivered to the device. Developers upload AABs to the Play Store, and end users receive device-specific APK splits.
Can FileDex convert APK files to other formats?
No. APK files contain compiled bytecode, native binaries, and signed manifests that cannot be meaningfully converted to another format. FileDex provides structural reference information for APK files. Conversion would require decompilation and recompilation targeting a different platform.
Why does my APK fail to install with a signature verification error?
The APK's signing block has been invalidated, typically by modification after signing. Even a single changed byte in a v2-signed APK breaks the whole-file digest. Re-sign the APK with `apksigner sign` using the original keystore, or obtain an unmodified copy from the original source.
ما يميز .APK
Android application packages use ZIP as their container format, but the internal layout follows strict conventions enforced by the Android build toolchain. Every APK contains a classes.dex file carrying Dalvik bytecode (magic bytes 64 65 78 0A, the ASCII string "dex\n"), a binary-encoded AndroidManifest.xml declaring permissions and component registrations, and a resources.arsc table mapping resource IDs to localized values.
اكتشف التفاصيل التقنية
Signing Schemes and Integrity
Google's APK Signature Scheme v2 (introduced in Android 7.0) signs the entire ZIP archive as a binary blob rather than individual JAR entries, making it impossible to modify any byte of the APK without invalidating the signature. The original v1 scheme relied on JAR signing — each file in META-INF received its own digest. V3 extended v2 with key rotation support, allowing developers to change signing keys without losing update authority. The Android OS checks these signatures at install time and refuses packages that fail verification.
Internal Structure
The ZIP central directory at the end of the file indexes all entries. Inside, the lib/ directory holds native shared objects organized by ABI (armeabi-v7a, arm64-v8a, x86_64). The res/ directory contains compiled XML layouts and drawable resources. An assets/ directory stores raw files accessible by name at runtime — fonts, databases, and configuration data live here. ProGuard or R8 obfuscation shrinks and renames classes within classes.dex, stripping debug symbols and shortening identifiers to single letters. Multi-DEX APKs targeting older Android versions (pre-5.0) contain additional classes2.dex, classes3.dex files when the 65,536 method limit per DEX file is exceeded.
Distribution Models
Google Play distributes Android App Bundles (.aab) rather than raw APKs. The Play Store generates optimized APK Splits tailored to each device's screen density, CPU architecture, and language. Sideloaded APKs bypass this optimization — they bundle all configurations into a single universal package, increasing file size substantially. Split APKs installed outside the Play Store require a session-based installer API rather than a simple intent. Third-party stores like F-Droid distribute standard APKs and often build them from source with reproducible build configurations.
Inspection Approaches
The aapt2 dump command extracts manifest data and resource tables without installation. Android Studio's APK Analyzer provides a graphical view of file sizes, DEX class counts, and resource references. The apksigner verify --verbose command reports which signature schemes are present and whether the certificate chain is valid. For deeper analysis, jadx decompiles DEX bytecode back to readable Java source, revealing application logic and hardcoded strings.
المرجع التقني
- نوع MIME
application/vnd.android.package-archive- Magic Bytes
50 4B 03 04ZIP archive containing AndroidManifest.xml and classes.dex.- المطوّر
- Google / Open Handset Alliance
- سنة التقديم
- 2008
- معيار مفتوح
- نعم
ZIP archive containing AndroidManifest.xml and classes.dex.
البنية الثنائية
APK files are ZIP archives beginning with the local file header signature 50 4B 03 04. The critical internal file classes.dex starts with magic bytes 64 65 78 0A ("dex\n"). APK Signature Scheme v2/v3 inserts a signing block between the last local file entry and the central directory. The ZIP end-of-central-directory record at the file's tail locates all entries.
نقاط الضعف
- arbitrary code execution
- privilege escalation
- supply chain compromise
- sideloaded APKs bypass Play Protect scanning and can request dangerous permissions silently on older Android versions
- repackaged APKs with injected malicious DEX code distributed through third-party stores
الحماية: FileDex does not execute, install, or parse these files. Reference page only.