Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to view the identity of person who signed the apk on Android device?

I need to view who signed the application I have installed onto my device. Is this generally possible to do on the device or on PC?

like image 465
Alexei Tymchenko Avatar asked Dec 01 '10 12:12

Alexei Tymchenko


People also ask

How do I find my app signature on Android?

Android Security Verifying App Signature - Tamper Detection We can break this technique into 3 simple steps: Find your developer certificate signature. Embed your signature in a String constant in your app. Check that the signature at runtime matches our embedded developer signature.

Are APK files signed?

Android requires that all APKs be digitally signed with a certificate before they are installed on a device or updated. When releasing using Android App Bundles, you need to sign your app bundle with an upload key before uploading it to the Play Console, and Play App Signing takes care of the rest.

How can I tell if APK is signed or unsigned?

Unsigned APK is actually signed by debug key, you can consider it as dummy since it is not secure and publicly available and play store would not accept it. There signed APK it's signed with your own key which is guarded by yourself, since it is unique play store would accept it.


2 Answers

(assuming you can obtain access to the raw apk file - which you usually can, if you know or make an educated guess of its name and location, even though you can't list the contents of /data on a non-rooted phone)

You could open the apk as a zip file and filter the ascii text from the binary content of META-INF/CERT.RSA

Or using an actual tool,

jarsigner -verify -certs -verbose some_application.apk 

Of course the only way to verify that the signer is who they claim to be is to get something else signed with the same key from that party via direct or verified means and compare the signing key fingerprints - that is how Android itself verifies that app upgrades and app ID sharing come from the same party as the existing APK they target.

like image 118
Chris Stratton Avatar answered Sep 30 '22 19:09

Chris Stratton


From Getting certificate details from an apk, you can use the following command

openssl pkcs7 -inform DER -in CERT.RSA -noout -print_certs -text

like image 26
user2645905 Avatar answered Sep 30 '22 18:09

user2645905