6:[["$","$Le",null,{}],["$","div",null,{"className":"min-h-screen bg-gray-100 p-6","children":[["$","$Lf",null,{}],["$","script",null,{"type":"application/ld+json","dangerouslySetInnerHTML":{"__html":"{\"@context\":\"https://schema.org\",\"@type\":\"QAPage\",\"mainEntity\":{\"@type\":\"Question\",\"name\":\"Using app signature as secret key?\",\"text\":\"

How safe is the app signature in android, obtained through the following code?

\\n\\n

        sigs = this.getPackageManager().getPackageInfo(this.getPackageName(), PackageManager.GET_SIGNATURES).signatures;\\n        privateKey = sig[0].hashCode(); \\n

\\n\\n

I am thinking of using the app's signature as a private key in communication with a web server. How secure is this approach?

\\n\",\"author\":{\"@type\":\"Person\",\"name\":\"Syed Fahad Sultan\"},\"upvoteCount\":2,\"answerCount\":1,\"acceptedAnswer\":null}}"}}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mb-6 relative","children":[["$","div",null,{"className":"absolute top-4 right-4 flex flex-wrap space-x-2","children":[["$","span","android",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/android/1","children":"android"}]}],["$","span","security",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/security/1","children":"security"}]}],["$","span","apk",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/apk/1","children":"apk"}]}]]}],["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://www.gravatar.com/avatar/1be5ccfbf77c6e04a7fdc45a052f5f86?s=256&d=identicon&r=PG","alt":"Syed Fahad Sultan","className":"w-16 h-16 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/712207/syed-fahad-sultan","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"Syed Fahad Sultan"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",508]}]]}]]}],["$","h1",null,{"className":"text-2xl font-bold text-gray-800 mb-4","children":"Using app signature as secret key?"}],["$","p",null,{"className":"text-gray-700 mt-4","dangerouslySetInnerHTML":{"__html":"

How safe is the app signature in android, obtained through the following code?

\n\n

        sigs = this.getPackageManager().getPackageInfo(this.getPackageName(), PackageManager.GET_SIGNATURES).signatures;\n        privateKey = sig[0].hashCode(); \n

\n\n

I am thinking of using the app's signature as a private key in communication with a web server. How secure is this approach?

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm mt-4","children":[["$","p",null,{"children":["Upvotes: ",2]}],["$","p",null,{"children":["Views: ",395]}]]}]]}],["$","div",null,{"className":"container mx-auto","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-6","children":["Answers (",1,")"]}],[["$","div","18375548",{"className":"bg-white shadow-md rounded-lg p-6 mb-6","children":[["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://www.gravatar.com/avatar/0cf0c8af58a9468b8a8bd57b1c6bdf6f?s=256&d=identicon&r=PG","alt":"Nikolay Elenkov","className":"w-12 h-12 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/242930/nikolay-elenkov","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"Nikolay Elenkov"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",52936]}]]}]]}],["$","p",null,{"className":"text-gray-700 mb-4","dangerouslySetInnerHTML":{"__html":"

Absolutely insecure. The so called 'signature' is the signing certificate and anyone who can use WinZip can extract it from your APK. It is not meant to be secret, so don't treat it as such. If you want to communicate securely with a Web server use HTTPS (SSL).

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm","children":["$","p",null,{"children":["Upvotes: ",2]}]}]]}]]]}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mt-6","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-4","children":"Related Questions"}],["$","ul",null,{"className":"list-disc list-inside","children":[["$","li","3557159",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/3557159","className":"text-blue-600 hover:underline","children":"How can I sign my application with the system signature key?"}]}],["$","li","64888960",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/64888960","className":"text-blue-600 hover:underline","children":"Android :Signing in android app with system signature"}]}],["$","li","41872214",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/41872214","className":"text-blue-600 hover:underline","children":"sign app using given keystore"}]}],["$","li","29056200",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/29056200","className":"text-blue-600 hover:underline","children":"Keystore For Signing Android App"}]}],["$","li","34952772",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/34952772","className":"text-blue-600 hover:underline","children":"Android APK Digital Signature"}]}],["$","li","1916053",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/1916053","className":"text-blue-600 hover:underline","children":"Android Application APK signing?"}]}],["$","li","18128757",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/18128757","className":"text-blue-600 hover:underline","children":"Signing an app with system key"}]}],["$","li","6166775",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/6166775","className":"text-blue-600 hover:underline","children":"Signing Android app with key"}]}],["$","li","8516899",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/8516899","className":"text-blue-600 hover:underline","children":"Signing Android apk?"}]}],["$","li","3603928",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/3603928","className":"text-blue-600 hover:underline","children":"android: how do i sign my app using an existing key?"}]}]]}]]}]]}],["$","$L11",null,{}],["$","$L12",null,{}],["$","$L13",null,{}],["$","$L14",null,{}],["$","$L15",null,{}]]

Using app signature as secret key?

Answers (1)

Related Questions