Getting certificate details from an apk
Try the following:
openssl pkcs7 -inform DER -in CERT.RSA -noout -print_certs -text
How do I find out which keystore was used to sign an app?
First, unzip the APK and extract the file /META-INF/ANDROID_.RSA (this file may also be CERT.RSA, but there should only be one .RSA file).
Then issue this command:
keytool -printcert -file ANDROID_.RSA
You will get certificate fingerprints like this:
MD5: B3:4F:BE:07:AA:78:24:DC:CA:92:36:FF:AE:8C:17:DB
SHA1: 16:59:E7:E3:0C:AA:7A:0D:F2:0D:05:20:12:A8:85:0B:32:C5:4F:68
Signature algorithm name: SHA1withRSA
Then use the keytool again to print out all the aliases of your signing keystore:
keytool -list -keystore my-signing-key.keystore
You will get a list of aliases and their certificate fingerprint:
android_key, Jan 23, 2010, PrivateKeyEntry,
Certificate fingerprint (MD5): B3:4F:BE:07:AA:78:24:DC:CA:92:36:FF:AE:8C:17:DB
Voila! we can now determined the apk has been signed with this keystore, and with the alias 'android_key'.
Keytool is part of Java, so make sure your PATH has Java installation dir in it.
How to view the identity of person who signed the apk on Android device?
(assuming you can obtain access to the raw apk file - which you usually can, if you know or make an educated guess of its name and location, even though you can't list the contents of /data on a non-rooted phone)
You could open the apk as a zip file and filter the ascii text from the binary content of META-INF/CERT.RSA
Or using an actual tool,
jarsigner -verify -certs -verbose some_application.apk
Of course the only way to verify that the signer is who they claim to be is to get something else signed with the same key from that party via direct or verified means and compare the signing key fingerprints - that is how Android itself verifies that app upgrades and app ID sharing come from the same party as the existing APK they target.
What is difference between signature and certificate in apk file?
When you compile your APK
, one of final steps is signing your APK
. Actually it is adding 3 small files. You can rename any APK
to ZIP
, unpack it and you will find directory META-INF
- it your signing information.
MANIFEST.MF
and CERT.SF
is very similar and contains list of files and their sha1/sha256 hash sums (one for files, second just for entries of first file), and CERT.RSA
which is x509
certificate with your public key.
The apk must be signed with the same certificates as the previous version
Nothing. Read the documentation: Publishing Updates on Android Market
Before uploading the updated application, be sure that you have incremented the android:versionCode and android:versionName attributes in the element of the manifest file. Also, the package name must be the same and the .apk must be signed with the same private key. If the package name and signing certificate do not match those of the existing version, Market will consider it a new application and will not offer it to users as an update.
Related Topics
Download Multiple Files with a Progress Bar in Listview Android
Fcm (Firebase Cloud Messaging) Push Notification with ASP.NET
Mediastore - Uri to Query All Types of Files (Media and Non-Media)
How to Add New Activity to Existing Project in Android Studio
How to Have a Gridview That Adapts Its Height When Items Are Added
Android - Inner Element Must Either Be a Resource Reference or Empty
Illegalstateexception: Can't Change Container Id of Fragment
Autocompletetextview Not Completing Words Inside Parentheses
Change the Right Margin of a View Programmatically
Error: Execution Failed for Task ':App:Clean'. Unable to Delete File
How to Perform a Fade Animation on Activity Transition
Android Location Manager, Get Gps Location ,If No Gps Then Get to Network Provider Location
Android Gridview Draw Dividers
Build Errors After Android Studio 3.2.1 Upgrade