java android reverse-engineering apksigner

How to reverse engineer an apk without changing its signing information


Suppose I have an apk that I want to reverse engineer, but there are some small problems regarding this. For instance, if the application uses the Google signing mechanism to sign in to the app, then I would not be able to sign in after modifying the apk! There are also a couple of other reasons why not to modify an apk by re-signing it with a custom keystore...!

Is it possible? Or is there any other problem to tackle this?


Solution

  • It is not possible¹ to modify an APK without invalidating the signature. That is the whole point of the signature.

    However, the APK signature and Google's Sign-in service are different things. "Signing" and "sign-in" are different words with different meanings. From a theoretical standpoint (at least) an APK that has been modified should still be able to successfully use Google Sign-in.

    Here are some background links on APK digital signatures and how they work:


    1 - At least not currently. If someone manages to break the "crypto" that is used to implement the signature, then all bets are off. But we are probably OK for a few years ...
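
To make the answer's first point concrete, here is an added example (not part of the original answer) that models the digest chain of the JAR-based (v1) APK signing scheme: each file is hashed into `META-INF/MANIFEST.MF`, and the manifest is hashed into a `.SF` file. The archive contents and the `CERT.SF` name are constructed, and the final step, the private-key signature over the `.SF` file, is not modelled.

```python
import base64, hashlib, io, zipfile

MANIFEST = "META-INF/MANIFEST.MF"
SIG_FILE = "META-INF/CERT.SF"   # constructed name; real signers choose their own

def digest(data: bytes) -> str:
    return base64.b64encode(hashlib.sha256(data).digest()).decode()

def make_zip(files: dict) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in files.items():
            z.writestr(name, data)
    return buf.getvalue()

def sign_layout(entries: dict) -> bytes:
    """Constructed APK-like zip carrying only the v1 digest files (no .RSA block)."""
    mf = "Manifest-Version: 1.0\r\n\r\n" + "".join(
        f"Name: {n}\r\nSHA-256-Digest: {digest(d)}\r\n\r\n" for n, d in entries.items())
    sf = f"Signature-Version: 1.0\r\nSHA-256-Digest-Manifest: {digest(mf.encode())}\r\n\r\n"
    return make_zip({**entries, MANIFEST: mf.encode(), SIG_FILE: sf.encode()})

def sections(raw: bytes) -> list:
    # Simplification: ignores the 72-byte line wrapping real manifests use.
    out = []
    for block in raw.decode().replace("\r\n", "\n").split("\n\n"):
        attrs = dict(l.split(": ", 1) for l in block.split("\n") if ": " in l)
        if attrs:
            out.append(attrs)
    return out

def verify_digests(apk: bytes) -> list:
    """Return a list of integrity problems; an empty list means the digests chain up."""
    with zipfile.ZipFile(io.BytesIO(apk)) as z:
        files = {n: z.read(n) for n in z.namelist()}
    problems = []
    if sections(files[SIG_FILE])[0].get("SHA-256-Digest-Manifest") != digest(files[MANIFEST]):
        problems.append("MANIFEST.MF does not match the signed .SF digest")
    listed = {s["Name"]: s["SHA-256-Digest"] for s in sections(files[MANIFEST]) if "Name" in s}
    for name, data in files.items():
        if not name.startswith("META-INF/") and listed.get(name) != digest(data):
            problems.append(f"{name} does not match MANIFEST.MF")
    return problems

def with_changes(apk: bytes, changes: dict) -> bytes:
    """Rebuild the archive with some entries replaced (what any modification amounts to)."""
    with zipfile.ZipFile(io.BytesIO(apk)) as z:
        files = {n: z.read(n) for n in z.namelist()}
    return make_zip({**files, **changes})
```

Changing any file breaks its manifest digest, and updating the manifest to match breaks the `.SF` digest; the `.SF` file itself is what the developer's private key signs, which is why the chain cannot be repaired without that key.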