Check signature of installed apps

Question

Check signature of installed apps

zjn0505 opened this issue 5 years ago · 2 comments

In v1.10.0, I added the feature to verify and print cert of local apk files.

I'm also interested in printing signature of installed apps on devices.
It will be a bounce to notify if the installation can be made because of signature conflict in ahead.

Need to figure out how to do that.

Answer 1 · 2021-07-13T01:44:17.000Z

https://android.googlesource.com/platform/frameworks/base/+/master/services/core/java/com/android/server/pm/PackageSignatures.java#311

adb shell dumpsys package xyz.jienan.xkcd | grep Signature

will print

signatures=PackageSignatures{397b94f version:3, signatures:[42590c97], past signatures:[]}

How is this related to apksigner verify --print-certs outputs.

Answer 2 · 2022-07-29T04:09:31.000Z

Cert hex can be found at /data/system/packages.xml

https://stackoverflow.com/a/28468108/5292852

Hex can be converted into cert

https://stackoverflow.com/a/58940306/5292852

Eventually

openssl x509 -noout -fingerprint -sha256 -inform pem -in a.cert