Howto: create an Android package


Last weekend, I built an package with a patched CA certificate store and took me quite some time to figure out the format of the zip file.
It turned out that most documentation still refers to the format that uses the update-script written in the "Amend" dialect. Since Donut (1.6), Android uses an alternative layout consisting of an updater-script and an update-binary. The binary parses the new script and is included in the zip file. For backward compatibility reasons, it's still possible to also add an update-script file.

The update scripts and binary should be placed in the folder "META-INF/com/google/android/", while the content of your package resides in the root of the zip file. This yields the following layout for the that I created:

    +- com/
       +- google/
             +- android/
                   +- update-script
                   +- update-binary
                   +- updater-script
   +- etc/
       +- sysctl.conf
       +- security/
             +- cacerts.bks

Note that the structure of META-INF is always the same, while the /system folder can be anything you need for your update (I think you can even mount and write to the sdcard).

After you created your file hierarchy and put your own files in the root, you can populate the META-INF/com/google/android folder. The ARM update-binary can be found in a zip-file attached to this article. The updater-script should be written in Edify, a little scripting language from the Android project. The official README gives some background, but a quite complete description of all the commands is found on

My little script mounts the /system partition, copies the files and set the permissions. In Edify:

ui_print("Android Security Enhancements");
ui_print("By: Michiel Fokke -");

show_progress(1.000000, 0);

ui_print("  Mounting /system");
mount("MTD", "system", "/system");

ui_print("  Deleting /etc/sysctl.conf");

ui_print("  Deleting /etc/security/cacerts.bks");

ui_print("  Extracting files to /system");
package_extract_dir("system", "/system");

ui_print("  Setting permissions to 0644...");

ui_print("  Unmounting /system");

ui_print("Update complete. Have a safe Android!");

If your code is compatible with Cupcake (1.5) or lower, you might want to also include the legacy update-script that was written in Amend:

show_progress 0.5 0
delete SYSTEM:etc/sysctl.conf
delete SYSTEM:etc/security/cacerts.bks
copy_dir PACKAGE:system SYSTEM:
set_perm 0 0 00644 SYSTEM:etc/sysctl.conf
set_perm 0 0 00644 SYSTEM:etc/security/cacerts.bks
show_progress 0.1 10

An overview of the Amend command syntax is found on Lorenz's Blog.

At this point the package is complete and you can create the zip-file. In Linux this can be done (while in the root of the package) with:

zip -r ../ *

Android requires you to sign your packages with a digital signature. I included a jar file that can take care of this. It contains an unencrypted sample key, that you could optionally exchange for your own key. Download the jar file and put it in the same folder as the newly created The zip-file is signed with the following command:

java -classpath testsign.jar testsign

The signed zip-file contains three additional files, the first two contain hashes of all files in the zip-file and the last one (CERT.RSA) a digital signature:

    +- CERT.SF
    +- CERT.RSA
    +- com/
       +- google/
             +- android/
                   +- update-script
                   +- update-binary
                   +- updater-script
   +- etc/
       +- sysctl.conf
       +- security/
             +- cacerts.bks

At this stage, the file can be put on the SD-card of an Android phone and applied to the system from a recovery ROM.

update-binary.zip153.63 KB
testsign.jar13.16 KB


add an apk

How can I add an apk file to the file I mean by which command I can add an application while updating??Reply soon??

i want to answer and asking you.

if you want to add apk,i thought you just need add the apk to /system/app inside a dir(i heard that).but i want to ask you a question,the update script will be using for update that rom which contains it or using for update the next rom from the rom contains it?thank


Sir I want to create 2 update.zips for to mobile pls guide me or send me.

1 for xolo a1000 for my Google account ID with password and WiFi connections with settings that installing help after formatting the phone.

2 for Byond b-67 white 5inches(I think feblet) this phone hanged at "". for deleting this file I want also i want flashing software for this phone with stock firmware.if any link pls.


please help sonn as posible
rajoo dewani +919828035189

I opened the

I opened the and it has a binary file, but I don't know what it is.

mount wants 4 arguments


Thank you for your tutorial. I tried creating an update file according to it. (Except taking the update-binary from the android build directory).

I got an error saying:
mount() expects 4 args, got 3
It seems the format with this version is:
mount("yaffs2", "MTD", "system", "/system");

Just thought you might be interested.

Clear and concise

Yes, thank you for posting. I have also searched for a good explanation of android and this one is very clear.

Where on the device i have to

Where on the device i have to put the public key, so that the signature verification does not fail?

Thanks for your article it

Thanks for your article it really helped me understand that update-binary is an ARM file & should explictly be copied to the Meta-Inf folder. Finally I have my working

Thank you for sharing this

Thank you for sharing this info. I've been looking all over and have found a lot on the subject - but it's utterly confusing and you're the first I've come across who has delivered a concise and lucid recitation on the matter; along with all the necessary materials. :-)