5/3/2023 0 Comments Android studio build apk![]() ![]() ![]() That's going to dump out a lot of information about who the signer claims to be. You want to see what you can find out about it: unzip -p suspect.apk META-INF/CERT.RSA | keytool -printcert Usually this is in META-INF/CERTS.RSA but it can be in another file - unzip -l will tell you. I believe these come from the JDK which is a prerequisite to the android SDK rather than the SDK itself.įirst you want try to verify the public key contained within the. You will need to have jarsigner and keytool. That's basically what the phone itself does - verifies that something that claims to be from the same party as something already on the phone actually is - the phone doesn't refuse to install things with unknown signers, it can only (object to/clear application data of) apparent forgeries when something new doesn't match something old that it claims to. zip) however it may not be trivial to trace the authenticity of the certificates unless you have something known good to compare to. jar files (.apk is really just a special. Sidestepping the debate over the legitimacy of installing that app on your phone, the question of verification is one that I've been meaning to understand for a while, and you've prompted me to try to figure out a possible way of verifying who signed an apk.Īndroid apps are signed in the normal manner of. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |