Can I check if two android apps are signed with the same key?

Question

I want to check if signatures of App A and App B are the same.

I want to make the check in App A and call a method based on the result of that comparison.

public boolean compareAppSignatures() {
    Signature[] sigA = getPackageManager().getPackageInfo(getPackageName(),PackageManager.GET_SIGNATURES).signatures;
    Signature[] sigB = getPackageManager().getPackageInfo("<App B package name>",PackageManager.GET_SIGNATURES).signatures;
    return Arrays.equals(sigA, sigB);
}

Is this a good way to do it? Also, is there a way to check if they are signed with the same key? Can one android app get the signature list of any other app installed on the device?

Answer 1

Yes you can get the signature as follows

PackageInfo pi = getPackageManager().getPackageInfo(getPackageName(), PackageManager.GET_SIGNATURES);
Log.i("test", pi.signatures[0].toCharsString());

and correspondingly yo can do as

Signature[] sigA = getPackageManager().getPackageInfo(getPackageName(),PackageManager.GET_SIGNATURES).signatures;
    Signature[] sigB = getPackageManager().getPackageInfo("<App B package name>",PackageManager.GET_SIGNATURES).signatures;

than you can compare as follows

public boolean compareAppSignatures() {
    Signature[] sigA = getPackageManager().getPackageInfo(getPackageName(),PackageManager.GET_SIGNATURES).signatures;
    Signature[] sigB = getPackageManager().getPackageInfo("<App B package name>",PackageManager.GET_SIGNATURES).signatures;
    return Arrays.equals(sigA, sigB);
}