CODEWITHSUNDEEP
androidsecurityapkbinaryfiles
Puneet Sahota
Puneet Sahota

Reputation: 53

APK checksum- Binary Code Protection

How can i calculate the CheckSum of my APK file in android? I want to calculate the APK checksum and compare it everytime my app. executes to see if some one has modified the binary code? How can i calculate check sum and achieve this?

Upvotes: 3

Views: 3157

Answers (1)

scottyab
scottyab

Reputation: 24039

Updated in 2020 - Google Play can now optimise, repackage and re-sign uploaded .apks (and add security meta data to the .apk) so it's unlikely this tamper check is still valid. Better to use the SafetyNet attestation API to verify the device and in turn your app - just ensure you're verifying the signature offline on your server.

Here's some code to checksum your APK. I wrote and article on adding tamper detections to your apps (which ironically didn't include apk checksum). 

private static long getApkFileChecksum(Context context) {
        String apkPath = context.getPackageCodePath();
        Long chksum = null;
        try {
            // Open the file and build a CRC32 checksum.
            FileInputStream fis = new FileInputStream(new File(apkPath));
            CRC32 chk = new CRC32();
            CheckedInputStream cis = new CheckedInputStream(fis, chk);
            byte[] buff = new byte[80];
            while (cis.read(buff) >= 0) ;
            chksum = chk.getValue();
        } catch (Exception e) {
            e.printStackTrace();
        }
        return chksum;
    }

You could also use this to can the sha-256 of your apk...

public static String getApkFileDigest(Context context) {
        String apkPath = context.getPackageCodePath();
        try {
            byte[] hashed= getDigest(new FileInputStream(apkPath), "SHA-256");
            return Base64.encodeToString(hashed, Base64.DEFAULT);
        } catch (Throwable throwable) {
            throwable.printStackTrace();
        }
        return null;
    }

    public static final int BUFFER_SIZE = 2048;

    public static byte[] getDigest(InputStream in, String algorithm) throws Throwable {
        MessageDigest md = MessageDigest.getInstance(algorithm);
        try {
            DigestInputStream dis = new DigestInputStream(in, md);
            byte[] buffer = new byte[BUFFER_SIZE];
            while (dis.read(buffer) != -1) {
            }
            dis.close();
        } finally {
            in.close();
        }
        return md.digest();
    }

Upvotes: 2

Related Questions