Reputation: 1187
What are the purpose of checksum and signature in android dex file header?
As we know, all android dex file has a dex file header located at the beginning of the dex file which can be described as DexHeader, but why are there checksum and signature, what are the purpose of them? if it's for integrity verification, signature is enough, there is no need for the existence of checksum.
Upvotes: 0
Views: 2164
Answers (1)
Reputation: 4668
They are both basically different.
Signature is for Integrity while Checksum is for validity. Hence if a dex file checksum does not match its content then the file is marked as invalid.
Furthermore: you need to find out what makes up a dex file checksum and signature and how is validated. If the file checksum is invalid there is no essence of checking the integrity of its signature (An error is thrown). The main point of the signature is not only for integrity but also to uniquely identify the file;
For example: when you optimise a dex file, the size is affected and the checksum value is updated, nevertheless the signature remains constant because the data contained in it is still the same. As you can see they both serve a different purpose; using the signature the original dex file can always be tracked and using the checksum we can know if the contents of the file is relative to its size whether optimised/un-optimised.
Upvotes: 3
Related Questions
- Signed apk android. What does Android use the signature for?
- What are the purposes of files in META-INF folder of an APK file?
- APK checksum- Binary Code Protection
- What reasons does it have to sign apk?
- NDK application Signature Check
- Why CERT.SF file is need to verify an apk in android?
- What is difference between signature and certificate in apk file?
- Android signature verification
- BillingSecurity.verifyPurchase - what are is signedData and signature?
- Signing a Android App: What about the various fields?