Using an unsigned APK allows you to install a modded version directly over the original app. This provides the following major benefits:
Technically, "unsigned" means the APK has been modified while retaining the original internal key structure, rather than being re-signed with a new, private key. Under normal circumstances, Android security prevents these files from installing because the "seal" has been broken.
However, by rooting your device and disabling signature verification (using tools like Lucky Patcher or Core Patch), you can bypass these checks. This tricks the system into accepting the unsigned APK as a signed APK, allowing you to sync your progress.
Creating unsigned APK:
Note:
- This guide is written for PC users, but the steps are identical on Android. If you are on a phone, use a file explorer like X-plore or an APK Editor app.
- Unsigned APKs are highly recommended for Core Patch users. Lucky Patcher currently has known compatibility issues with unsigned files.
- This method may not work for all games. Google and game developers use advanced security measures and server-side checks that can detect even minor tampering. Bypassing these security protocols is outside the scope of this guide.
Open your signed mod APK using an archive manager like 7-Zip or WinRAR.
Locate the META-INF folder and delete it.
Next, you will need the original APK or Split APK file. You can extract this directly from your device using X-plore or another APK extractor app. Alternatively, you can download it from trusted sources such as APKPure, APKMirror, APKCombo, ApkGk, or Aptoide
Open the original, unmodified APK.
- If it is a split APK (XAPK, APKS, APKM, ZIP), open the base.apk file inside.
- If it is a standalone APK, open it directly.
Find the META-INF folder in the original file and copy it into your modded APK.
Check the base.apk/original APK for a file named stamp-cert-sha256.
- If it exists: Copy it from the original APK and replace the one in your modded APK.
- If it does not exist: Delete the stamp-cert-sha256 file from your modded APK entirely.
Important: If essential signature files (such as .RSA, .DSA, .SF, or .MF) are missing from META-INF folder:
- For Split APKs (XAPK, APKS, APKM, ZIP): Open one of the config files, such as split_config.arm64_v8a.apk, and copy the required signature files from there into your modded APK.
- For Standalone APKs: If these files are missing and there are no splits, you may need to find an older version of the official APK to extract the necessary signature files.
Once these steps are complete, your modded unsigned APK will carry the signature metadata of the original app, allowing it to login with Google, Facebook, other logins and bypassing simple game security.
To install unsigned APK, you will need to disable the signature check on your rooted device: How to install unsigned APK using Core Patch module (Root & Xposed required)
Enjoy!
Proof of concept:
- Google Login: Sign in to your Google account without error.
- Facebook Login: Connect to Facebook without needing to uninstall the official Facebook app.
- Bypassing simple signature checks
Technically, "unsigned" means the APK has been modified while retaining the original internal key structure, rather than being re-signed with a new, private key. Under normal circumstances, Android security prevents these files from installing because the "seal" has been broken.
However, by rooting your device and disabling signature verification (using tools like Lucky Patcher or Core Patch), you can bypass these checks. This tricks the system into accepting the unsigned APK as a signed APK, allowing you to sync your progress.
Creating unsigned APK:
Note:
- This guide is written for PC users, but the steps are identical on Android. If you are on a phone, use a file explorer like X-plore or an APK Editor app.
- Unsigned APKs are highly recommended for Core Patch users. Lucky Patcher currently has known compatibility issues with unsigned files.
- This method may not work for all games. Google and game developers use advanced security measures and server-side checks that can detect even minor tampering. Bypassing these security protocols is outside the scope of this guide.
Open your signed mod APK using an archive manager like 7-Zip or WinRAR.
Locate the META-INF folder and delete it.
Next, you will need the original APK or Split APK file. You can extract this directly from your device using X-plore or another APK extractor app. Alternatively, you can download it from trusted sources such as APKPure, APKMirror, APKCombo, ApkGk, or Aptoide
Open the original, unmodified APK.
- If it is a split APK (XAPK, APKS, APKM, ZIP), open the base.apk file inside.
- If it is a standalone APK, open it directly.
Find the META-INF folder in the original file and copy it into your modded APK.
Check the base.apk/original APK for a file named stamp-cert-sha256.
- If it exists: Copy it from the original APK and replace the one in your modded APK.
- If it does not exist: Delete the stamp-cert-sha256 file from your modded APK entirely.
Important: If essential signature files (such as .RSA, .DSA, .SF, or .MF) are missing from META-INF folder:
- For Split APKs (XAPK, APKS, APKM, ZIP): Open one of the config files, such as split_config.arm64_v8a.apk, and copy the required signature files from there into your modded APK.
- For Standalone APKs: If these files are missing and there are no splits, you may need to find an older version of the official APK to extract the necessary signature files.
Once these steps are complete, your modded unsigned APK will carry the signature metadata of the original app, allowing it to login with Google, Facebook, other logins and bypassing simple game security.
To install unsigned APK, you will need to disable the signature check on your rooted device: How to install unsigned APK using Core Patch module (Root & Xposed required)
Enjoy!
Proof of concept:
Last edited:
