Menu
I am developing an android library and I want to apply a tamper-detection mechanism to my code, since it calls some sensitive financial web services.
What I'm going to implement is to calculate the checksum of the apk ( or important parts of it), programmatically on the runtime, so I can prevent a repackaged or recompiled apk from being able to do any harm (tamper prevention).
What I have come up with so far, is to calculate the checksum of the applicationInfo.publicSourceDir. but I'm not sure what happens with the apps that have multiple dex files or multiple splitApks.
What is the most reliable way to calculate checksum based on the code-base of an application in Android, programmatically?
534
A checksum validation is used when you received a file and would like to verify that the original file has not been modified or tampered with.
Android phone or tablet using ChromeOpen the Google Chrome browser on your Android phone or tablet. Open the web page whose source code you want to view. Tap once in the address bar and move the cursor to the front of the URL. Type view-source: and tap Enter or Go.
Source code is available for most apps and websites. You can find it on the developer's website, or sometimes you can find it in the app's store. If you can't find it, or if you want to view it before downloading it, you can usually find a copy of the source code on the internet.
Package Manager is a highly powerful application to manage apps, both system and user, installed on an android device.
If you distribute via play you might have a look into SafetyNet: https://developer.android.com/training/safetynet/index.html
103
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
