Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Android N - how to check if apk is signed with schema v2

Android N provided new apk Signature Scheme v2, how can I check if a specific apk is signed with that new signature?

Thanks

like image 457
Lidi Avatar asked Aug 15 '16 14:08

Lidi


People also ask

What is v2 signature?

APK Signature Scheme v2 is a whole-file signature scheme that increases verification speed and strengthens integrity guarantees by detecting any changes to the protected parts of the APK.

Are APK files signed?

Application signing ensures that one application cannot access any other application except through well-defined IPC. When an application (APK file) is installed onto an Android device, the Package Manager verifies that the APK has been properly signed with the certificate included in that APK.


1 Answers

  • Run apksigner verify -v <apk> and look for Verified using v2 scheme (APK Signature Scheme v2): true in the output. apksigner can be found in Android SDK build tools 24.0.3. apksigner's source code is here: https://android.googlesource.com/platform/tools/apksig/.

  • For an already installed package on Android Nougat: adb shell pm dump <package name> | grep apkSigningVersion. 1 means conventional JAR signing scheme, 2 means APK Signature Scheme v2.

  • You can also run grep 'APK Sig Block 42' app.apk but this may have false positives. Only if there is no match is it certain that the APK is not signed using APK Signature Scheme v2.

EDIT: Added information about apksigner which wasn't yet available when the original answer was written.

like image 163
Alex Klyubin Avatar answered Oct 05 '22 19:10

Alex Klyubin