Created attachment 124515 [details] Example apk signed with the v2 schema SUMMARY Android .apk files are generally normal .zip files. Older apps signed with "JAR-signed APK verification (v1 scheme)" are processed fine by KZip. Newer files signed with "APK Signature Scheme v2" fail have an "APK Signing Block" inserted right before the Central Directory block but after the last Local file block. KZip goes through the file sequentially and encounters "random data" and errors out with "Invalid ZIP file. Unrecognized header at offset ${offset}" The following links explain the structure of this quite well: https://source.android.com/security/apksigning/v2 https://www.fortinet.com/blog/threat-research/an-android-package-is-no-longer-a-zip.html The reason I'm filing this bug is, that all other zip programs I tested (libarchive, unzip) handle those files without any problem, but KZip doesn't. STEPS TO REPRODUCE Try to process an Android apk signed with the APK Signature Scheme v2 with KZip (e.g. with the kziptest util - "kziptest list ~/myapp.apk") OBSERVED RESULT The file can't be opened EXPECTED RESULT The file should be opened SOFTWARE/OS VERSIONS KDE Frameworks Version: 5.64.0 ADDITIONAL INFORMATION I'm using KZip in https://github.com/z3ntu/kde-thumbnailer-apk which only processes APK files so if this bug can't/won't be fixed, I will have to switch to using another library for that. Also if you have an apk , you can find out if it's signed with the v2 scheme by grepping the file for "APK Sig Block 42" or using "apksigner verify -v myapp.apk", provided by the Android build tools.