bhh
Reputation: 105
What does PackageInfo.signatures return?
Why there are multiple signatures in this value? Are these values the public key of the package?
Can I uniquely identify a package using this signature instead of reading the files under META-INF, or calculating an MD5 on the whole APK file?
Upvotes: 4
Views: 4149
Answers (1)
Rupert Rawnsley
Reputation: 2659
According to @hackbod, this is all the public keys the APK was signed with
Despite its name, the contents of PackageInfo.signatures is the public keys your app is signed with. This absolutely, positively does not change between builds. This is the pure identify of the developer of the app.
Reference: https://groups.google.com/d/msg/android-developers/fPtdt6zDzns/MDqie6k7qo0J
Upvotes: 3
Related Questions
- How to use PackageInfo.GET_SIGNING_CERTIFICATES in API 28?
- Android APK signed with vendor keystore
- Check signature of an apk
- How to find out which signature verison an APK file has?
- Android - access the public key of its own in app runtime? Which the key-pair was used to sign the apk
- How to get APK signing signature?
- Android compare signature of current package with debug.keystore
- Android - How can I tell that an apk has been signed with my key
- Why is the PackageInfo.signatures field an array, and when would there be anything other than one value here?
- How to extract signatures of signed packages in Java?