Android – Self-checking an APK’s signature

androidapkdigital-signature

I would like to programmatically perform a check on the APK's signature at runtime. I own a keystore on my development workstation, so I could know (dunno how) the public key I'm signing an APK with.

Once I know what the public key will be after signage, I would like to put in the source code and check if the currently running application matches the key.

Is it possible? If so, how do I obtain the public key from an Eclipse-generated keystore?

Thanks.

Best Answer

You could try this, it should work

Signature[] sigs = getPackageManager().getPackageInfo(context.getPackageName(), PackageManager.GET_SIGNATURES).signatures;
    for (Signature sig : sigs)
    {
        // log the sig here
    }