我想知道Google Play应用程序如何检测到已经安装的应用程序,所以我运行了一个测试。首先,我从Google Play安装了一个应用程序,然后提取它是APK文件。然后我使用 APKSTUDIO 并修改了一些字符串来编译应用程序。然后我确实重建和签名。最后,我安装了新创建的APK并打开了Google Play,搜索了应用程序名称,它表示它已安装,尽管新创建的APK文件具有不同的哈希。
在进行此测试之前,我认为Google播放通过比较APK文件的哈希乐曲来检查应用程序但现在我认为它只通过包名称检查它。是否有任何原因使用哈希执行检查?我知道使用散列而不是包名称介绍存储开销(必须为每个版本保存额外的哈希字符串)但是通过这样做,可以轻松发现APK文件是另一个应用程序的修改版本,它是重要的是修改的应用程序通常是恶意的。
I wanted to know how Google Play app detects already installed apps so i ran a test. First, I installed an app from Google Play and extracted it's APK file. Then i started decompiling the app using ApkStudio and modified some strings. Then i did rebuilding and signing. At last, I installed the newly created APK and opened Google Play, searching app name it said that it's installed although the newly created APK file had a different hash.
Before doing this test, i thought that Google Play checks installed apps by comparing hashes of APK file but now i think it only checks by package name. Is there any reason why the checking isn't performed using hashes? I know that using hash instead of package name introduces storage overhead (as an extra hash string must be saved for every version of an app) but by doing so, one can easily find that an APK file is a modified version of another app, it's important as modified apps are malicious generally.
© 2022 it.wenda123.org All Rights Reserved. 问答之家 版权所有