Self-checking an APK's signature

2020-02-28 05:58发布

I would like to programmatically perform a check on the APK's signature at runtime. I own a keystore on my development workstation, so I could know (dunno how) the public key I'm signing an APK with.

Once I know what the public key will be after signage, I would like to put in the source code and check if the currently running application matches the key.

Is it possible? If so, how do I obtain the public key from an Eclipse-generated keystore?

Thanks.

标签： android apk digital-signature

2条回答

家丑人穷心不美

2楼-- · 2020-02-28 06:36

You could try this, it should work

Signature[] sigs = getPackageManager().getPackageInfo(context.getPackageName(), PackageManager.GET_SIGNATURES).signatures;
    for (Signature sig : sigs)
    {
        // log the sig here
    }

0人赞添加讨论(0) 举报

Melony?

3楼-- · 2020-02-28 06:51

I think I have the same situation like you have. Here is my original solution.

You may have a try on it.

Signature sig = context.getPackageManager().getPackageInfo(context.getPackageName(), PackageManager.GET_SIGNATURES).signatures[0];
Signature releaseSig = context.getPackageManager().getPackageAchiveInfo("/mnt/sdcard/myReleaseApk.apk", PackageManager.GET_SIGNATURES).signatures[0];
return sig.hashCode() == releaseSig.hashCode;

0人赞添加讨论(0) 举报

Self-checking an APK's signature

采纳回答

编辑标签

举报内容

检举类型

检举原因

检举说明(必填)

打开微信“扫一扫”，打开网页后点击屏幕右上角分享按钮

付费偷看金额在0.1-10元之间