I would like to know what exactly means the hashes from the field PackageSignatures when you obtain it with
adb shell dumpsys package com.myapp
for a given installed app.
I see two hashes:
signatures=PackageSignatures{abcabca [xyzxyzxy]}
The first one (abc) is different in each installation. The second one (xyz) is fixed for a given apk.
Moreover, I would like to know whether the second one has any relationship with the public signature of the APK. I have several apks with the same public signature, but the second hash is different. Is that normal?
The signatures line on a recent Android version looks as follows:
signatures=PackageSignatures{9122424 version:2, signatures:[bbb2e2d2], past signatures:[]}
To understand this line we just have to look into the AOSP source code: PackageSignatures.java
The first part abcabca
comes from System.identityHashCode(this)
. Hence it generated the Java hashcode fro the current PackageSignatures
instance. As this class has only one filed PackageParser.SigningDetails mSigningDetails;
the hash code totally depends on the fields of the class SigningDetails:
Your used Android version seems to be a bit old, as nowadays the second part is the signatureSchemeVersion
- at the moment there are three signature schemes known: V1 (jarsigner), v2 and v3.
The signatures you are interested in is generated by the following code:
Integer.toHexString(mSigningDetails.signatures[i].hashCode())
Where signatures[i]
is an instance of the class [android.content.pm.Signature
](https://github.com/aosp-mirror/platform_frameworks_base/blob/master/core/java/android/content/pm/Signature.java
).
The hashCode()
is defined in this class to be generated by Arrays.hashCode(mSignature);
where mSignature
is a byte array that seem to contain the encoded version of the used X.509 signature certificate. Alternatively the raw byte[]
can be supplied, hence it is difficult to tell the concrete content.
But from my understanding on your device this part should be directly linked to the signature of the APK file.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With