How to Permanently Stop Updates on an Android Application
There are many apps that exist out there that some feel were ruined with updates. Some changes range from including adware bundled with the app or the app basically changing into a piece of malware. QuickPic, an app that was once praised for being a lightweight app with a brilliant UI, was bought by Cheetah Mobile and slowly started to include advertisements for other applications. Wouldn’t it be nice to be able to stop updates and go back to the app everyone loved, the app that existed before advertisements were pushed on its users?
Well, there is a way through the likes of XDA Labs, the XDA Apps & Games forum, and other websites such as APKMirror. In the case of QuickPic, the last update before it was changed by Cheetah Mobile was the v4.5.2 update. If we install this APK onto our devices, we could disable automatic updates in the Google Play Store, but what if you accidentally update it when tapping to update every other app on your device? You would then have to uninstall the app then re-install the old version, or restore a backup – both of which can be a hassle. But what if we could stop updates for an app permanently?
How to Re-sign your APK File to Stop Updates
This tutorial takes a bit of set up, but once done you will have all that you need for future files and it will be a lot quicker. For this tutorial you will need Java and a method to open the APK file on your PC. Any standard zip viewer should work fine. You will also need Android Studio. This guide does not need root and simply requires “Allow unknown sources” to be enabled in security settings. For this tutorial, I will use QuickPic v4.5.2. It will work for any APK, however.
Navigate to your Android Studio folder and find the keytool application. For me, this is in C:\Program Files\Android\Android Studio\jre\bin. Open a command window as administrator and navigate to this folder. You will now need to make use of keytool to generate a keystore for re-signing your APK. Next, type the following into the command window.
keytool -genkey -v -keystore C:\my-release-key.keystore -alias alias_name -keyalg RSA -keysize 2048 -validity 10000
Replacing “my-release-key” with a name of your choice and “alias_name” with a name of your choice. You will be prompted to enter a username and password. Enter these and you’re good to go. Keep the folder and command Window open.
Copy the application you want to sign to the folder you found keytool in.
Open the APK of your choice with any zip viewer as an archive. I recommend 7Zip. Delete the “META-INF” folder inside of the APK and continue. META-INF contains the key signing files. Copy the APK to the folder containing jarsigner too if you want for ease of use. Jarsigner is used to re-sign your APK.
Inside of the folder in a command window, type the following command to re-sign your APK.
jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore C:\my-release-key.keystore my_application.apk alias_name
Replacing “my-release-key”, “my_application” and “alias_name” with the required information. You will be asked for the keystore password. Once entered, you will see the file has been signed.
Copy the file to your phone and try it out! It should install fine and if you try to update it via the Play Store you will see it can’t.
As you can see above, our modification worked!
Android has a security system in the form of APK signatures which means that applications on your device all have to have a special key held only by the developer in order for it to accept an update to the same app. This means if somebody modifies your APK and attempts to trick users into thinking it is a new update, a simple key verification can show this is not a legitimate update and then Android actually blocks the update entirely. This is a security feature which we can use to stop updates on any Android application of our choosing, for good!
And that’s all! I hope I helped some users with this tutorial.