As we all do, I have an application which is signed by debug.keystore (by default) when it is in development mode (build). When it goes to production we sign it with our private key. Is there any way to determine at runtime whether the current package is signed with debug.keystore (is in development mode) or is signed with our private key (is in production mode)?
I have tried something like
    PackageManager packageManager = getPackageManager();
    try {
        Signature[] signs = packageManager.getPackageInfo(getPackageName(), PackageManager.GET_SIGNATURES).signatures;
        for (Signature signature : signs) {
            Log.d(TAG, "sign = " + signature.toCharsString());
        }
    } catch (NameNotFoundException e) {
        e.printStackTrace();
    }
I don't know what to do next. Is this the right way of doing this? How do I obtain a comparable debug.keystore signature?
I know that an MD5 fingerprint exists (keytool -list -keystore ~/.android/debug.keystore), but in the Signature class there is no "md5 fingerprint"-like method.
I want to do this because of MapView Key, Logging, LicenseChecker and stuff like this.
Signature of a keystore
Note that if you are using Play App Signing, your upload key may differ from the key used by Google Play to sign your app. In this case, you can find the app signature from the Google Play Console on the Release > Setup > App Integrity page.
Step 1: Go to Android Studio -> Build -> Generate Signed Bundle. Select Android App Bundle on the pop-up screen and select Next.
Step 2: Enter the KeyStore path where the KeyStore is stored or create a new KeyStore as seen below.
Step 4: Select the release mode from the list and select Finish.
The default location is /Users/<username>/.android/debug.keystore.
The signature in PackageInfo does not seem to be well named since the field does not contain the package signature but the signer X509 certificate chain. Note that (most of the time) this chain seems to be limited to one single self-signed certificate.
According to the Android developer page Signing Your Applications the debug signature certificate is generated with this DN: CN=Android Debug,O=Android,C=US
Therefore it is easy to test if the application has been signed in debug mode:
    private static final X500Principal DEBUG_DN = new X500Principal("CN=Android Debug,O=Android,C=US");
    /* ... */
    // signatures[0] holds the DER-encoded signer certificate, not a signature value
    Signature raw = packageManager.getPackageInfo(getPackageName(), PackageManager.GET_SIGNATURES).signatures[0];
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    X509Certificate cert = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(raw.toByteArray()));
    // true when the certificate subject is the DN used for debug certificates
    boolean debug = cert.getSubjectX500Principal().equals(DEBUG_DN);
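An added example, not part of the original answer: because a certificate's subject DN is chosen freely by whoever generates the key, a stricter check for things like LicenseChecker hashes the signer certificate bytes and compares them with a pinned fingerprint in the colon-separated form keytool prints. The class and method names are hypothetical, and the sample bytes in main are constructed stand-ins for what signature.toByteArray() returns on a device.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Locale;

public final class SignerFingerprint {

    /** Digest of the DER certificate bytes, formatted like keytool output: "AB:CD:...". */
    static String fingerprint(byte[] certDer, String algorithm) throws NoSuchAlgorithmException {
        byte[] digest = MessageDigest.getInstance(algorithm).digest(certDer);
        StringBuilder sb = new StringBuilder(digest.length * 3);
        for (int i = 0; i < digest.length; i++) {
            if (i > 0) {
                sb.append(':');
            }
            sb.append(String.format("%02X", digest[i] & 0xff));
        }
        return sb.toString();
    }

    /**
     * True when the certificate's SHA-256 fingerprint equals the pinned value.
     * "pinned" is the fingerprint copied from keytool for the key you expect.
     */
    static boolean matches(byte[] certDer, String pinned) throws NoSuchAlgorithmException {
        byte[] actual = fingerprint(certDer, "SHA-256").getBytes(StandardCharsets.US_ASCII);
        byte[] expected = pinned.trim().toUpperCase(Locale.ROOT).getBytes(StandardCharsets.US_ASCII);
        // MessageDigest.isEqual compares without stopping at the first differing byte
        return MessageDigest.isEqual(actual, expected);
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-in bytes, not a real certificate. On Android, pass
        // packageInfo.signatures[0].toByteArray() instead.
        byte[] sample = "constructed-sample-certificate-bytes".getBytes(StandardCharsets.US_ASCII);
        byte[] other = "another-constructed-certificate".getBytes(StandardCharsets.US_ASCII);

        String pinned = fingerprint(sample, "SHA-256");
        System.out.println("SHA-256 = " + pinned);
        System.out.println("MD5     = " + fingerprint(sample, "MD5"));
        System.out.println("same certificate:      " + matches(sample, pinned));
        System.out.println("different certificate: " + matches(other, pinned));
    }
}
```

Pinning the release certificate's fingerprint and treating every other signer as non-production fails closed if the APK is re-signed with an unknown key.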