APK Repackaging.

An Android attack technique that unpacks a legitimate APK, modifies its code or resources (ads, trackers, malware, license bypass), repacks and re-signs it, then redistributes the trojanized app through unofficial stores or sideload campaigns. Cette notion relève de la catégorie Sécurité mobile en cybersécurité.

An Android attack technique that unpacks a legitimate APK, modifies its code or resources (ads, trackers, malware, license bypass), repacks and re-signs it, then redistributes the trojanized app through unofficial stores or sideload campaigns.

APK repackaging is one of the foundational Android malware techniques and remains common in 2024–2026 despite App Bundle distribution. The basic workflow is: download a legitimate APK (or AAB), decompile it with apktool/jadx, modify the smali code or resources to inject ad SDKs, info-stealer payloads, banking-trojan overlays, or license-check removals, repack it, and re-sign with the attacker's key (or a stolen key for sideload-trust). The trojanized APK is then redistributed through alternative app stores, file-sharing sites, SMS-phishing links, or malvertising. Repackaged Android banking trojans (Anatsa, Hydra, GodFather, Cerberus successors) and crack-laden 'modded' apps account for a substantial share of Android malware. Google's mitigations include Play Protect signing comparison, Play Integrity 'app integrity' verdicts that detect that the running APK is not the Play-distributed one, key attestation on developer signing keys, and the broader move to Play Asset Delivery and App Bundles which complicate offline repacking. For developers, defenses include obfuscation (R8/ProGuard), native-code anti-tamper checks, server-side attestation, and behavioral fraud signals.

Les défenses contre APK Repackaging combinent habituellement des contrôles techniques et des pratiques opérationnelles, comme détaillé dans la définition ci-dessus.

Noms alternatifs courants : APK trojanization, App repackaging.