Should we also check for the number of signatures on Android tampering detection


I have code (copied from here: https://www.airpair.com/android/posts/adding-tampering-detection-to-your-android-app) to add tampering protection to an Android application.

Is it possible to submit an application to the Play Store with multiple signatures?

Should I validate that `packageInfo.signatures` returns only 1 signature? Or can an APK have multiple signatures, all of them valid?

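```java
import android.content.Context;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.Signature;
import android.util.Base64;
import java.security.MessageDigest;

private static final int VALID = 0;
private static final int INVALID = 1;

// Placeholder (not shown in the post): Base64 SHA digest of the expected signing certificate.
private static final String SIGNATURE = "<expected-signature-digest>";

public static int checkAppSignature(Context context) {
    try {
        PackageInfo packageInfo = context.getPackageManager()
                .getPackageInfo(context.getPackageName(), PackageManager.GET_SIGNATURES);

        for (Signature signature : packageInfo.signatures) {
            byte[] signatureBytes = signature.toByteArray();
            MessageDigest md = MessageDigest.getInstance("SHA");
            md.update(signatureBytes);
            final String currentSignature = Base64.encodeToString(md.digest(), Base64.DEFAULT);

            // Compare signatures
            if (SIGNATURE.equals(currentSignature)) {
                return VALID;
            }
        }
    } catch (Exception e) {
        // Assumes an issue in checking the signature; let the caller decide what to do.
    }

    return INVALID;
}
```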
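An added example, not part of the original post or the AirPair code: a stricter comparison that pins the whole signer set, so a package that carries the expected signature together with an unexpected extra one is rejected instead of being accepted on the first match. It is plain JDK Java and uses SHA-256 rather than the post's "SHA"; `SignerSetCheck`, `digest`, `signerSetMatches` and the sample byte strings are hypothetical names and constructed values, and on Android the `byte[]` inputs would come from `Signature.toByteArray()` for each entry of `packageInfo.signatures`.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

public class SignerSetCheck {

    // Base64(SHA-256(cert)) of one signer certificate.
    static String digest(byte[] cert) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        return Base64.getEncoder().encodeToString(md.digest(cert));
    }

    // True only when the signers found are exactly the pinned set:
    // no missing signer and no additional signer.
    static boolean signerSetMatches(List<byte[]> certs, Set<String> pinned) {
        if (certs == null || certs.isEmpty() || certs.size() != pinned.size()) {
            return false; // fail closed on an empty or unexpected signer count
        }
        try {
            Set<String> found = new HashSet<>();
            for (byte[] cert : certs) {
                found.add(digest(cert));
            }
            return found.equals(pinned);
        } catch (NoSuchAlgorithmException e) {
            return false; // fail closed if the digest cannot be computed
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-ins for certificate bytes, not real certificates.
        byte[] release = "constructed-release-cert".getBytes(StandardCharsets.UTF_8);
        byte[] other = "constructed-other-cert".getBytes(StandardCharsets.UTF_8);
        Set<String> pinned = Set.of(digest(release));

        System.out.println(signerSetMatches(List.of(release), pinned));        // expected signer only
        System.out.println(signerSetMatches(List.of(release, other), pinned)); // extra signer present
        System.out.println(signerSetMatches(List.of(other), pinned));          // wrong signer
    }
}
```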

