7. APK Structure

An Android Package (APK) is a file format used to distribute and install applications on Android devices. It is essentially a compressed archive (similar to a .zip file) containing all the resources, code, and metadata needed to run the application. Below is a general overview of the key parts of an APK:

AndroidManifest.xml

The AndroidManifest.xml file is a critical component of every Android application. It provides essential information to the Android system about the application, such as its structure, components, permissions, and configurations. The manifest file ensures that Android can interact with the app properly and enables system features, security policies, and interactions between different components of the app.

• Defines the app components: It declares all the components of the application, such as activities, services, broadcast receivers, and content providers, to the Android system.

• Permissions and features: It specifies the permissions that the app requires (e.g., internet access, camera usage) and the features that the app depends on (e.g., Bluetooth, NFC).

• App configuration: It contains configuration options like screen size compatibility, theme settings, and app launch preferences.

• Declares app components and their intent filters: The AndroidManifest.xml allows the app's components to be linked with intent filters to specify which types of intents they can handle.

Key Sections in the AndroidManifest.xml

• <manifest>: This is the root element of the manifest file. It contains the package name and specifies the permissions and the components included in the app.

  <manifest xmlns:android="<http://schemas.android.com/apk/res/android>"
            package="com.example.app">
  </manifest>

• <application>: This section defines the application’s settings, such as the app icon, theme, and components (activities, services, etc.).

  <application
      android:icon="@drawable/ic_launcher"
      android:label="@string/app_name">
  </application>

  • android:icon: Specifies the icon to display on the home screen.

  • android:label: Sets the name of the app that will be shown to users.

• <activity>: Each activity in the app is declared within the <activity> tag. This includes important details like the activity's name, theme, and intent filters.

  <activity android:name=".MainActivity"
            android:label="@string/app_name">
      <intent-filter>
          <action android:name="android.intent.action.MAIN" />
          <category android:name="android.intent.category.LAUNCHER" />
      </intent-filter>
  </activity>

  • android:name: Specifies the class name of the activity.

  • intent-filter: Defines what intents the activity can handle. In this case, it’s the main launcher activity.

• <service>: Services are declared in this tag, which allows the app to run background tasks like downloads, data sync, etc.

  <service android:name=".MyService" />

• <receiver>: Broadcast receivers are declared here, specifying which system events or custom broadcasts they should respond to.

  <receiver android:name=".MyReceiver">
      <intent-filter>
          <action android:name="com.example.myapp.MY_CUSTOM_BROADCAST" />
      </intent-filter>
  </receiver>

• <provider>: Content providers, which handle shared data access, are declared here.

  <provider android:name=".MyContentProvider"
            android:authorities="com.example.myapp.provider" />

• <uses-permission>: This tag declares the permissions that the app needs to function. For example, requesting permission to use the internet or access the device’s camera.

  <uses-permission android:name="android.permission.INTERNET" />

META-INF/

The META-INF/ directory in an APK file contains metadata about the application. It plays a critical role in ensuring the integrity and authenticity of the APK. Here's a breakdown of the components and their significance:

1. CERT.RSA

   • Contains the public key for verifying the APK's signature.

   • Ensures the APK has not been tampered with since it was signed by the developer.

   • RSA stands for Rivest-Shamir-Adleman, a widely used encryption algorithm.

   • This file works with CERT.SF to validate the APK.

2. CERT.SF

   • Lists all the files in the APK and their cryptographic hashes (SHA-1 or SHA-256).

   • Ensures file integrity by verifying that no files have been modified.

   • .SF stands for Signature File.

   • It acts as a map linking each file in the APK to its corresponding hash.

3. MANIFEST.MF

   • A manifest file containing the SHA-1 or SHA-256 digests of every file in the APK.

   • Provides a foundation for verifying the APK's integrity.

   • Every file in the APK (except META-INF/ files) is listed here with its cryptographic hash.

   • Serves as a bridge between the APK contents and the signature files (CERT.SF and CERT.RSA).

lib/

The lib/ directory in an APK file contains native libraries that are required for the application to function. These libraries are typically written in lower-level languages like C or C++, and they are platform-specific.

• The lib/ folder stores shared object files (.so files) that contain compiled code in native machine language. These libraries are used for functions that require direct hardware access or higher performance than Java code can provide.

• usually structured by architecture type. Each subfolder within lib/ corresponds to a specific CPU architecture. The subfolders typically include:

  • armeabi-v7a/: For ARM architecture (32-bit).

  • arm64-v8a/: For ARM architecture (64-bit).

  • x86/: For Intel-based devices (32-bit).

  • x86_64/: For Intel-based devices (64-bit). Each of these directories contains the native libraries compiled for that specific architecture.

res/

The res/ (resources) directory in an APK file contains various resources used by the application, such as images, layouts, strings, and other files needed for the user interface (UI) and functionality of the app. Unlike code (which resides in the classes.dex), the resources are mainly used for the app's presentation and user experience. Resource Types: The res/ directory holds different types of resources organized into subfolders. These resources are essential for the visual and functional aspects of the application.

• res/drawable/:

  • This folder contains image resources like PNGs, GIFs, and other graphical assets used in the app’s UI. The images here can be used for icons, buttons, backgrounds, etc.

• res/layout/:

  • This folder contains XML files that define the layout of each screen in the app. These layouts specify the arrangement of UI elements such as buttons, text fields, and images. Each activity or fragment usually corresponds to a layout file.

• res/values/:

  • This folder contains XML files for storing value resources such as strings, dimensions, colors, and styles.

    • strings.xml: Stores text strings, including UI text, labels, messages, etc.

    • colors.xml: Defines color values that can be referenced throughout the app.

    • styles.xml: Specifies UI themes and styles for the app, including text size, font, and colors.

    • dimens.xml: Defines dimensions like margin, padding, or layout size, which can be used for consistent UI design.

• res/anim/:

  • This folder contains XML files that define animations, like fade effects, scaling, or movement. These animations can be used to animate UI components.

• res/menu/:

  • This folder holds XML files defining the menus for the app (e.g., options menus, context menus). These files specify the menu items that appear when users interact with the app’s UI.

• res/raw/:

  • This folder stores raw files such as audio or video files, which can be accessed programmatically using a URI. These files are stored as-is, without any processing or modification.

• res/mipmap/:

  • This folder is specifically used for storing app icons in various resolutions for different screen densities (mdpi, hdpi, xhdpi, xxhdpi, xxxhdpi). Resource Management Android uses resource IDs to reference the items in the res/ folder. These IDs are generated at compile time and are used in the code to access resources. For example, the string in strings.xml can be accessed in the Java/Kotlin code using R.string.some_string_id. Example:

<!-- res/values/strings.xml -->
<resources>
    <string name="app_name">My App</string>
</resources>

In the app's code:

String appName = getString(R.string.app_name);

assets/

The assets/ directory in an APK is used to store raw files and resources that the application needs but are not directly tied to Android's resource management system (like res/). The files in the assets/ directory are accessed as-is, without modification or pre-processing. This directory is typically used for storing things like configuration files, fonts, HTML files, or other data that the application can access programmatically.

classes.dex

The classes.dex file is a crucial part of an Android APK package. It contains the compiled bytecode for the Android application, which is executed by the Android Runtime (ART) or the older Dalvik Virtual Machine (DVM) on Android devices. This file essentially converts your Java or Kotlin code into a format that the Android system can understand and run on mobile devices.

What is a DEX File? The DEX (Dalvik Executable) file is a format that is optimized for memory and performance on mobile devices. When you write Android applications in Java or Kotlin, the source code is first compiled into Java bytecode (.class files) using a Java compiler. These bytecode files are then converted into the DEX format by the Android build system during the compilation process.

The DEX file is important because Android devices cannot directly run Java bytecode, so it needs to be transformed into a format (DEX) that can be interpreted by the Android system.

resources.arsc

The resources.arsc file is an essential part of the APK structure and plays a crucial role in how Android applications handle and organize resources. It contains a compiled version of all the resources in an Android app, such as strings, layouts, images, and other configuration data. This file allows the app to access and efficiently retrieve these resources during runtime.

Contents of resources.arsc The resources.arsc file contains the following information:

• String Resources: It stores all the string resources declared in the strings.xml file, where you define user-visible strings for your app (e.g., text labels, button names).

• Configuration Resources: It includes configuration data like screen density, language, and layout direction (left-to-right or right-to-left) that help Android choose the right set of resources for the device.

• Resource Identifiers: The file includes unique identifiers (IDs) for each resource. These IDs are used by the app to reference resources at runtime (e.g., R.string.app_name or R.layout.activity_main).

• Compiled Resource Values: The actual compiled values of resources such as colors, dimensions, arrays, and other app-specific data are stored here in a format that the app can directly use.

How resources.arsc Works When an Android app is built, resources like strings, layouts, and drawables are compiled into the resources.arsc file. During the app's execution, the Android system can quickly reference and load these resources from this file rather than parsing individual XML files.

• Example: When an app requests a string resource using an identifier, such as R.string.app_name, Android looks it up in the resources.arsc file, retrieves the corresponding string, and displays it in the UI.