Best IT Recipes

How to get signature signature APK?

Is there a way to get the key signature used to sign the APK? I signed the APK with my key from my keystore. How can I get it programmatically?

+51
android certificate signature apk
Apr 07 2018-11-11T00:
source share
3 answers

You can access the signature signature of an APK like this using the PackageManager class http://developer.android.com/reference/android/content/pm/PackageManager.html

Signature[] sigs = context.getPackageManager().getPackageInfo(context.getPackageName(), PackageManager.GET_SIGNATURES).signatures; for (Signature sig : sigs) { Trace.i("MyApp", "Signature hashcode : " + sig.hashCode()); }

I used this to compare with the hash code for my debug key to determine if the APK is an APK debugger or an release APK.

+57
Apr 07 2018-11-11T00:
source share

The package manager will provide you with a signature certificate for any installed package. Then you can print the details of the signature key, for example.

 final PackageManager packageManager = context.getPackageManager(); final List<PackageInfo> packageList = packageManager.getInstalledPackages(PackageManager.GET_SIGNATURES); for (PackageInfo p : packageList) { final String strName = p.applicationInfo.loadLabel(packageManager).toString(); final String strVendor = p.packageName; sb.append("<br>" + strName + " / " + strVendor + "<br>"); final Signature[] arrSignatures = p.signatures; for (final Signature sig : arrSignatures) { /* * Get the X.509 certificate. */ final byte[] rawCert = sig.toByteArray(); InputStream certStream = new ByteArrayInputStream(rawCert); try { CertificateFactory certFactory = CertificateFactory.getInstance("X509"); X509Certificate x509Cert = (X509Certificate) certFactory.generateCertificate(certStream); sb.append("Certificate subject: " + x509Cert.getSubjectDN() + "<br>"); sb.append("Certificate issuer: " + x509Cert.getIssuerDN() + "<br>"); sb.append("Certificate serial number: " + x509Cert.getSerialNumber() + "<br>"); sb.append("<br>"); } catch (CertificateException e) { // e.printStackTrace(); } } }
+22
Apr 30 '13 at 17:12
source share

My situation is that I have a pre-installed apk that uses the wrong key store. Therefore, direct installation will result in a failure due to an inconsistent signature. I need to check the signature first to make sure it can be installed smoothly.

Here is my solution .

As this code says, you can get the signature from the installed apk.

Details:

 Signature sig = context.getPackageManager().getPackageInfo(context.getPackageName(), PackageManager.GET_SIGNATURES).signatures[0];

Second: compare hashCode releaseApk. In my case, I downloaded this apk from my server and put it in sd_card.

 Signature releaseSig = context.getPackageManager().getPackageArchiveInfo("/mnt/sdcard/myReleaseApk.apk", PackageManager.GET_SIGNATURES).signatures[0];

Lastly, compare hashCode.

 return sig.hashCode() == releaseSig.hashCode;

I tried the code above, it works fine. If hashCode is different, you just need to remove the old apk, or if this system application and device is embedded, you can simply use runtime to remove it , and then install a new apk signature.

0
Jul 27 '16 at 15:18
source share


More articles:


All Articles