I didn't realize Android verified apps on boot. I had a silly patch for Twitter (done by directly hexediting one of the overlay APKs on-device, because I'm lazy) and it worked fine until I rebooted, then Twitter disappeared.
Or is this some Play Services verification thing?
Conversation
I'm kind of surprised because doing a full sig check on every app on boot would probably take quite some time, and Android boots pretty fast these days. Or maybe the file mtime tipped it off?
6
42
Replying to
Play services doesn't do anything like that. You changed the apk so it couldn't use the cached data and sent it through the package manager again. It could skip the signature checks when it's in a verified image. System apps and APEX components can be updated via userdata though.
1
10
APEX components are a filesystem with Android Verified Boot including dm-verity inside of an APK container. That's what enables updating arbitrary things out-of-band instead of simply APKs.
source.android.com/security/apksi provides a form verified boot for normal APKs but there's no reason for it to be used for APKs in OS images since regular verified boot covers them. The purpose of that is always verifying all data read from them since normal APK signatures are too slow.
2
4
Replying to
So you're saying it was in fact the mtime that triggered it to go through the package manager again while checking the caches.
1
Show replies