Reputation: 11
Android - get list of installed apps signatures
So, Im using NIST provided database for android phones to detect malicious applications. The main source/database is looking like this:
"SHA-1","MD5","CRC32","FileName","FileSize","ProductCode","OpSystemCode","SpecialCode"
"0000000F8527DCCAB6642252BBCFA1B8072D33EE","68CE322D8A896B6E4E7E3F18339EC85C","E39149E4","Blended_Coolers_Vanilla_NL.png",30439,28948,"358",""
"00000091728653B7D55DF30BFAFE86C52F2F4A59","81AE5D302A0E6D33182CB69ED791181C","5594C3B0","ic_menu_notifications.png",366,31287,"358",""
"0000065F1900120613745CC5E25A57C84624DC2B","AEB7C147EF7B7CEE91807B500A378BA4","24400952","points_program_fragment.xml",1684,31743,"358",""
As you can see first column is SHA1 hash code of specific app. My ultimate goal is to get all installed apps signatures, i.e. SHA1 hash code to compare them with database and see which apps are harmful.
I spend some time for browsing the net. I came up with solution for my own app: https://gist.github.com/scottyab/b849701972d57cf9562e However, this returns only your app SHA1 hash code.
For example, in this way I can get all application packages names:
List<ApplicationInfo> packages = pm.getInstalledApplications(PackageManager.GET_META_DATA);
Maybe there is possibility to get all installed apps signatures? Let me know.
Upvotes: 0
Views: 2199
Answers (1)
Reputation: 3732
You should do like this:
void printSampleSha1List(Context ctx) {
List<ApplicationInfo> packages = ctx.getPackageManager().getInstalledApplications(PackageManager.GET_META_DATA);
for (int i = 0; i < packages.size(); ++i) {
PackageInfo packageInfo = null;
try {
packageInfo = ctx.getPackageManager().getPackageInfo(
packages.get(i).packageName, PackageManager.GET_SIGNATURES);
} catch (PackageManager.NameNotFoundException e) {
e.printStackTrace();
}
if (packageInfo != null) {
for (Signature signature : packageInfo.signatures) {
// SHA1 the signature
String sha1 = getSHA1(signature.toByteArray());
Log.i("Sha1", "name:" + packages.get(i).packageName + ", " + sha1);
//note sample just checks the first signature
break;
}
}
}
}
public static String getSHA1(byte[] sig) {
MessageDigest digest = null;
try {
digest = MessageDigest.getInstance("SHA1", "BC");
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (NoSuchProviderException e) {
e.printStackTrace();
}
digest.update(sig);
byte[] hashtext = digest.digest();
return bytesToHex(hashtext);
}
//util method to convert byte array to hex string
public static String bytesToHex(byte[] bytes) {
final char[] hexArray = {'0', '1', '2', '3', '4', '5', '6', '7', '8',
'9', 'A', 'B', 'C', 'D', 'E', 'F'};
char[] hexChars = new char[bytes.length * 2];
int v;
for (int j = 0; j < bytes.length; j++) {
v = bytes[j] & 0xFF;
hexChars[j * 2] = hexArray[v >>> 4];
hexChars[j * 2 + 1] = hexArray[v & 0x0F];
}
return new String(hexChars);
}
This will give you a list of SHA1 of signatures of all the packets on the device.
Upvotes: 1
Related Questions
- Get a list of installed applications in android
- Checking app release signature at runtime -- chicken and egg?
- NDK application Signature Check
- Android Security application signing
- Retrieve some info based on the apk signature
- Retrieve the apk signature at runtime for Android
- Signing android application
- Android Application APK signing?
- How to extract signatures of signed packages in Java?
- Need help getting a list of all apps installed on android phone