Reputation: 656
I am trying to compare the signature of my APK at run time with the original signature key (the same one!). I followed that answer, so it mustn't kill my app because it's the same one, but it kills the app as if it's not the same one and shows the toast.
This is the code:
public void checkSignature(final Context context) {
    try {
        signatures = context.getPackageManager()
                .getPackageInfo(context.getPackageName(),
                        PackageManager.GET_SIGNATURES).signatures;
        if (signatures[0].toString() != SIGNATURE_KEY) {
            // Kill the process without warning. If someone changed the certificate
            // is better not to give a hint about why the app stopped working
            android.os.Process.killProcess(android.os.Process.myPid());
            Toast.makeText(getApplicationContext(), "Not working", Toast.LENGTH_LONG).show();
        }
    } catch (PackageManager.NameNotFoundException ex) {
        // Must never fail, so if it does, means someone played with the apk, so kill the process
        android.os.Process.killProcess(android.os.Process.myPid());
    }
}
I used this code to get the signature at runtime more than once, and every time it gives me the same one! (It happens when I tap on a button.)
ClipboardManager clipboard = (ClipboardManager) getSystemService(CLIPBOARD_SERVICE);
ClipData clip = ClipData.newPlainText("Release", signatures[0].toCharsString());
clipboard.setPrimaryClip(clip);
So what's wrong with that code that makes the comparison not work correctly?
Upvotes: 0
Views: 591
Reputation: 9925
You are comparing strings using the != operator. This compares strings as links, not objects. You should use .equals(). Edited: Also, to properly compare signatures:
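import android.util.Base64;
import java.security.MessageDigest;

// getInstance() throws the checked NoSuchAlgorithmException; call this inside a try block
MessageDigest md = MessageDigest.getInstance("SHA");
// Hash the raw bytes of the first signing certificate
md.update(signatures[0].toByteArray());
// Base64.DEFAULT ends the output with a newline, so SIGNATURE_KEY must be stored in the same form
String signature = Base64.encodeToString(md.digest(), Base64.DEFAULT);
if (!signature.equals(SIGNATURE_KEY)) {
    // do your logic
}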
Upvotes: 1