I have been hacking on some Android applications recently, which involved decompiling and recompiling their source. Android requires application packages (apks) to be signed or installation will fail. The signature does not have to come from a universally trusted Root-CA, self-signed certificates are sufficient. Google offers the apksigner tool to easily sign Android application packages, and its functionality is also included in Android Studio. However, I tend to work on various machines that oftentimes do not have a JDK installed - mandatory to run apksigner. On my development machine installation of a JDK would require about 20 dependencies, only to sign an apk once in a while.

I started searching for an online-tool to do the job, but could not find any. So I decided to deploy my own. It will sign uploaded apk and jar files with a self-signed certificate and return the signed file. The signing process can take a few seconds. As a goody, I configured the certificate in a way to include a simple XSS test in all fields. Find the tool at tools.ciko.io/apksigner.

Update 2019-01-03

Since the hoster of my tools server has gone missing (I am looking at you, HIFormance), I had to reinstall it. In the meantime I have found an app that can do the job just as well.

Happy hacking.