Is there a way to add metadata to an Android APK without impacting the signature?
Will adding files to the META-INF folder break the signature? What about modifying the file: MANIFAST.MF?
You can't modify an APK without breaking it's signature.
The META-INF folder contains three files in:
CERT.RSA This is your certificateMANIFEST.MF This is the nominal Jar manifest that contains the hashes for all files referenced in the APKCERT.SF Is the signature file for all entries in the MANIFEST.MF as well as the manifest file as a wholeIf you change any file in the APK, it's hash will change and signature verification will fail. As far adding arbitrary files to an APK, Android will only permit you to access files that are in the MANIFEST.MF and since you can not change this file without breaking its hash, you are effectively unable to add any files to the APK as well.