Corona has amazing record with backwards compatibility. If you rely on deprecated framework, like Storyboards, you can download it and put file in your project and it will work. Stuff described below is dangerous and not really recommended
I tried to fix vulnerability by editing the LicensingOld.apk:
Install APK tool:
On mac I use brew (https://brew.sh/):
brew install apktool
Otherwise, follow instructions https://ibotpeaches.github.io/Apktool/install/
Create a new folder, put your APK into in. In ternimal navigate to that folder (or simply drag&drop folder to terminal dock icon), then run following command to decompile your APK
apktool d LicensingOld.apk
Open file LicensingOld/AndroidManifest.xml
with your favorite programmers text editor (for example Sublime Text, Xcode or Atom). This is the step where we actually fixing the issue as suggested by Google Play email.
Change android:exported="true"
to android:exported="false"
So the line looks like:
<provider android:authorities="com.coronalabs.vlad.Licensing3.files" android:exported="false" android:name="com.ansca.corona.storage.FileContentProvider"/>
In order to submit a new version to Play Store, you must increase build number. You can do it by editing LicensingOld/apktool.yml
and changing versionCode
to larger version:
versionCode: '4'
became
versionCode: '5'
Also, I had to edit AndroidManifest.xml
by adding attribute android:versionCode="5"
to manifest
tag in 1st line:
<manifest xmlns:android="http://schemas.android.com/apk/res/android" android:installLocation="auto" package="com.coronalabs.vlad.Licensing3" platformBuildVersionCode="25" platformBuildVersionName="7.1.1" >
became
<manifest xmlns:android="http://schemas.android.com/apk/res/android" android:installLocation="auto" package="com.coronalabs.vlad.Licensing3" platformBuildVersionCode="25" platformBuildVersionName="7.1.1" android:versionCode="6">
This seem to be a bug in apktool, but here's work around
Rebuild the APK by running this command1:
apktool b LicensingOld -o NewAPK.apk
Now you should have NewAPK.apk
with "fixed" manifest in it. You would have to resign it.
jarsigner -signedjar NewAPK-signed.apk -keystore ~/my-release-key.keystore -storepass android -sigalg MD5withRSA -digestalg SHA1 NewAPK.apk alias_name
Note that you may have to change location to you keystore (~/my-release-key.keystore
), password to it (android
) and/or alias name (alias_name).
When this command is successful you would get new file, NewAPK-signed.apk
.
To submit to play store, APKs must be "aligned". I used tool shipped with macOS Corona Simulator to align the apk
"/Applications/Corona-3145/Corona Simulator.app/Contents/Resources/zipalign" -f 4 NewAPK-signed.apk NewAPK-signed-aligned.apk
Windows would have similar tool.
After all this steps are done, I was able to submit NewAPK-signed-aligned.apk
to Play Store
1 This initially produced "No resource identifier found for attribute 'resizeableActivity' in package 'android'" error. It was because I had really old installation of apktool previously. Removing ~/Library/apktool/framework/1.apk solved it.
note Also, see this thread where similar is done https://forums.coronalabs.com/topic/42390-how-to-modify-your-apk-using-apktool-jarsigner-and-zipaligner/