问题
I would like to programmatically perform a check on the APK's signature at runtime. I own a keystore on my development workstation, so I could know (dunno how) the public key I'm signing an APK with.
Once I know what the public key will be after signage, I would like to put in the source code and check if the currently running application matches the key.
Is it possible? If so, how do I obtain the public key from an Eclipse-generated keystore?
Thanks.
回答1:
You could try this, it should work
Signature[] sigs = getPackageManager().getPackageInfo(context.getPackageName(), PackageManager.GET_SIGNATURES).signatures;
for (Signature sig : sigs)
{
// log the sig here
}
回答2:
I think I have the same situation like you have. Here is my original solution.
You may have a try on it.
Signature sig = context.getPackageManager().getPackageInfo(context.getPackageName(), PackageManager.GET_SIGNATURES).signatures[0];
Signature releaseSig = context.getPackageManager().getPackageAchiveInfo("/mnt/sdcard/myReleaseApk.apk", PackageManager.GET_SIGNATURES).signatures[0];
return sig.hashCode() == releaseSig.hashCode;
来源:https://stackoverflow.com/questions/9949459/self-checking-an-apks-signature