Unintended behavior
Description
Android binary XML (not to be confused with the new ABX scheme introduced in Android 12) is a special binary format that expects the first 4 bytes to be as follows (in hexadecimal, little endian):

Where 0x03 denotes the XML chunk and 0x08 denotes the size of its header. All the XML files, including the XML resources and AndroidManifest.xml, are converted to this special format during compilation. However, a few days ago, I discovered a particular case where an app has a different format, which is as follows:

As can be seen above, the first byte is 0x00, which denotes a NULL chunk. Now, the AOSP-supplied apksig library comes with a class, namely AndroidBinXmlParser, which explicitly checks for an XML chunk, which cannot be found above, which means that whoever developed the app used a modified version of the library. But to my surprise, I have found that Android OS and aapt2 (aapt fails though) can successfully parse the manifest, and the app can be installed successfully without issues. Since the AOSP-provided apksig, by default, does not allow this particular magic, I think this to be an AOSP bug which can be solved in one of the two ways:

aapt2).

PS: The app in question is a Chinese app known as NP Manager. This app has a bad reputation, with many AVs flagging it as malicious. This is why this issue should not be taken lightly.
Thanks.
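
An added example (not part of the original report and not AOSP code): a triage check that reads AndroidManifest.xml from an APK and reports whether its first 4 bytes carry the XML chunk type 0x0003 and header size 0x0008 described above. The chunk type constants follow AOSP's ResourceTypes.h; the helper names and the sample manifests are constructed for illustration and are not the bytes of the app in the report.

```python
import io
import struct
import zipfile

# ResChunk_header.type values as defined in AOSP's ResourceTypes.h.
RES_NULL_TYPE = 0x0000
RES_XML_TYPE = 0x0003
XML_HEADER_SIZE = 0x0008  # header size expected for the outer XML chunk


def check_binary_xml_header(data):
    """Return findings for the first 4 bytes; an empty list means standard."""
    if len(data) < 4:
        return ["truncated: fewer than 4 header bytes"]
    # Two little-endian uint16 fields: chunk type, then header size.
    chunk_type, header_size = struct.unpack_from("<HH", data, 0)
    findings = []
    if chunk_type == RES_NULL_TYPE:
        findings.append("chunk type 0x0000 (NULL chunk) instead of 0x0003 (XML)")
    elif chunk_type != RES_XML_TYPE:
        findings.append("unexpected chunk type 0x%04x" % chunk_type)
    if header_size != XML_HEADER_SIZE:
        findings.append("header size 0x%04x, expected 0x0008" % header_size)
    return findings


def check_apk_manifest(apk):
    """Check AndroidManifest.xml inside an APK (path or file-like object)."""
    with zipfile.ZipFile(apk) as zf:
        try:
            manifest = zf.read("AndroidManifest.xml")
        except KeyError:
            return ["AndroidManifest.xml missing"]
    return check_binary_xml_header(manifest)


def make_sample_apk(manifest):
    """Hypothetical helper: in-memory zip holding only a constructed manifest."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", manifest)
    buf.seek(0)
    return buf


if __name__ == "__main__":
    body = b"\x00" * 8  # constructed placeholder payload, not a real manifest
    samples = {
        "standard": struct.pack("<HHI", RES_XML_TYPE, 8, 16) + body,
        "null-magic": struct.pack("<HHI", RES_NULL_TYPE, 8, 16) + body,
    }
    for name, blob in samples.items():
        print(name, check_apk_manifest(make_sample_apk(blob)) or "ok")
```
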