问题
I need to view who signed the application I have installed onto my device. Is this generally possible to do on the device or on PC?
回答1:
(assuming you can obtain access to the raw apk file - which you usually can, if you know or make an educated guess of its name and location, even though you can't list the contents of /data on a non-rooted phone)
You could open the apk as a zip file and filter the ascii text from the binary content of META-INF/CERT.RSA
Or using an actual tool,
jarsigner -verify -certs -verbose some_application.apk
Of course the only way to verify that the signer is who they claim to be is to get something else signed with the same key from that party via direct or verified means and compare the signing key fingerprints - that is how Android itself verifies that app upgrades and app ID sharing come from the same party as the existing APK they target.
回答2:
From Getting certificate details from an apk, you can use the following command
openssl pkcs7 -inform DER -in CERT.RSA -noout -print_certs -text
来源:https://stackoverflow.com/questions/4324120/how-to-view-the-identity-of-person-who-signed-the-apk-on-android-device