I am trying to modify Settings.apk of an Android 11 device to get rid of embedded suspicious likely malware URL in the code in order to disable potential control server communication.
The original unmodified Settings.apk file identifies like this:
Settings.apk: Java archive data (JAR)
This can be decompiled in JADX with no errors.
I can change it to .zip and unzip it, change the code, fix dex checksum and hash and re-zip it. The re-zipped file can still be decompiled in JADX without errors to inspect code changes, but the file now identifies like this:
Settings.apk: Android package (APK), with AndroidManifest.xml
And it's size after zipping is about half of the original.
The re-zipped and re-signed file does not work when loaded into the device.
If I re-sign the original APK without re-zipping it, it does run even signed with my own certificate.
Does anyone know how to repackage the APK into the JAR archive or what is wrong here?
APK files are always ZIP files. Before Android 7 the only signature system was the same that was used for JAR files (today called "APK signature v1"), therefore some file identifier tools my detect APK files as JAR files. But nowadays this old signature format is only used if compatibility with such old Android versions is required.
Regarding repackaging: You already observed one of the reasons: Your newly created zip files is too small.
Check the original APK file in 7-Zip Gui and you will see that a lot of files are stored without compression. That is because Android has always used some files from within the APK file by directly from the ZIP file without decompression.
In the last years Google has made Android to use more and more files that way.
Most of those files used directly from within the APK have are used by mapping the whole APK into memory. Because of the memory mapping another problem may be present in your re-zipped APK: For being able to load something directly from a memory-mapped file it is required to save the file aligned to certain boundaries. Originally those files used from via memory mapping had to be aligned to 4K boundaries (default page size). Now Google want's to change the default memory page size to 16KB as this increases the overall performance of Android.
Conclusion:
Don't try to manipulate an APK directly with just (un)zip tools. Instead better use specialized tools like apktool which record which files are stored uncompressed and apply that after when rebuilding the APK. If apktool fails you can disable resource or source code decompilation and rebuilding. Then it will mainly decompress and rebuild the APK file.
Use zipalign tool from Android SDK after building the APK and before resigning it. Nowadays I would directly recommend to use zipalign -v 4 input.apk output.apk.