How would that be helpful? For comparison with something, the expected checksum should be in the APK. But if someone changed your APK (repackaging, etc.), they can also easily change the expected value. You can get it from the server, but itβs not too difficult to disable it if they are messing with your package.
In addition, some tools will fix the code in the Dalvik cache directly and, thus, change what your application does, even without touching the APK.
As a rule, you simply get the path to the APK, consider it binary and compute it using MessageDigest . You can use the PackageManager to get information about the application, and then ApplicationInfo # sourceDir gives you the package location. By the way, this may not work with paid applications on JB (4.1 and later), because you do not have permission to read the actual APK (this is the result of "direct blocking", for example, "application encryption").