The process is as follows:

Decompile apk- > modify resource files, smali code, etc. -> repackaging-> signature-> distribution

The key is the signature step. Every developer has his own digital certificate, which can be understood as an unforgeable seal. Signing apk is equivalent to stamping, indicating that this apk is issued by the owner of the digital certificate.

The reviser can only sign with his own certificate, so the signature information of the modified apk is different from that of the original apk.

Android system will check the signature information when installing apk. If the program has been installed in the mobile phone (identified by the name of the app package), and the signature of the apk to be installed is inconsistent with that already installed, a warning of "Inconsistent Signature" will pop up, and the installation fails. At this time, only when the user manually uninstalls the installed version can the new apk be installed.

2. It may be small.

According to the above analysis, unless the reviser gets the developer's signature or tries to bypass the signature verification mechanism of Android system, it is possible to replace the installed version of the modified software with normal updates.

The possibility of both is very low.

3. Why does the inconsistent signature prompt me to update?

The customer has two application markets, X and Y, which means that the developer A publishes the application to the store X, and then the hacker B tampers with the installation package of A and publishes it to the store Y in the name of A, and then the user installs the application from X, and the Y market prompts the update.

Because the third-party market judges whether to prompt the update by the package name and version number. As long as the same package name, the version number of apk on the market is greater than the installed version number, it will prompt to update. Of course, the signatures are inconsistent or cannot be installed.