How to Check If APK Is Signed or "Debug Build"

How to check if APK is signed or debug build?

There are different way to check if the application is build using debug or release certificate, but the following way seems best to me.

According to the info in Android documentation Signing Your Application, debug key contain following subject distinguished name: "CN=Android Debug,O=Android,C=US". We can use this information to test if package is signed with debug key without hardcoding debug key signature into our code.

Given:

import android.content.pm.Signature;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

You can implement an isDebuggable method this way:

private static final X500Principal DEBUG_DN = new X500Principal("CN=Android Debug,O=Android,C=US");
private boolean isDebuggable(Context ctx)
{
    boolean debuggable = false;

    try
    {
        PackageInfo pinfo = ctx.getPackageManager().getPackageInfo(ctx.getPackageName(),PackageManager.GET_SIGNATURES);
        Signature signatures[] = pinfo.signatures;

        CertificateFactory cf = CertificateFactory.getInstance("X.509");

        for ( int i = 0; i < signatures.length;i++)
        {   
            ByteArrayInputStream stream = new ByteArrayInputStream(signatures[i].toByteArray());
            X509Certificate cert = (X509Certificate) cf.generateCertificate(stream);       
            debuggable = cert.getSubjectX500Principal().equals(DEBUG_DN);
            if (debuggable)
                break;
        }
    }
    catch (NameNotFoundException e)
    {
        //debuggable variable will remain false
    }
    catch (CertificateException e)
    {
        //debuggable variable will remain false
    }
    return debuggable;
}

adb shell command to check the apk is debug or release signed?

If you want to check whether the apk is debuggable use the below aapt command.

aapt dump badging /path/to/apk | grep -c application-debuggable

Outputs 1: Debuggable
Outputs 0: Not Debuggable.

How do I detect if I am in release or debug mode?

The simplest, and best long-term solution, is to use BuildConfig.DEBUG. This is a boolean value that will be true for a debug build, false otherwise:

if (BuildConfig.DEBUG) {
  // do something for a debug build
}

There have been reports that this value is not 100% reliable from Eclipse-based builds, though I personally have not encountered a problem, so I cannot say how much of an issue it really is.

If you are using Android Studio, or if you are using Gradle from the command line, you can add your own stuff to BuildConfig or otherwise tweak the debug and release build types to help distinguish these situations at runtime.

The solution from Illegal Argument is based on the value of the android:debuggable flag in the manifest. If that is how you wish to distinguish a "debug" build from a "release" build, then by definition, that's the best solution. However, bear in mind that going forward, the debuggable flag is really an independent concept from what Gradle/Android Studio consider a "debug" build to be. Any build type can elect to set the debuggable flag to whatever value that makes sense for that developer and for that build type.

Which build should be shared with QA for testing? Signed release apk or Signed debug apk?

Signed Debug, will also give you the ability to ADB into the devices and access logs/act on crashes.

You might consider using something like Crashlytics in addition to capture any stacktraces you might not have the ability to get yourself at the time of a crash.

You uploaded an APK that was signed in debug mode. You need to sign your APK in release mode error

I don't know how you do that in Maven, but you need to compile your app with a release keystore. You can create one with keytool, which is available in your Java bin folder:

$ keytool -genkey -v -keystore my-release-key.keystore
-alias alias_name -keyalg RSA -keysize 2048 -validity 10000

When creating it, you must supply two passwords, one for the keystore and one for the key. When your keystore is created, you can use the Eclipse Export wizard to compile your app in release mode.

For further details, please refer to http://developer.android.com/tools/publishing/app-signing.html#releasemode

How to Debug an APK Signed Release? (Using VS Code for development)

Looking at this post it would appear that you can add a signing config to your debug build configuration in build.gradle. This should allow you to not worry about having to generate the release apk and trying to debug that. However if that doesn't solve the problem for you, you should be able to mark the release build with debuggable true and minifyEnabled false, then attach VS code to a running process on android.

You have sent a signed APK or Android App Bundle in debug mode. Sign it in release mode. How to fix it (flutter)

Remove the duplicate buildType release

    buildTypes {
        release {
            // TODO: Add your own signing config for the release build.
            // Signing with the debug keys for now,
            // so `flutter run --release` works.
            signingConfig signingConfigs.debug
        }
    }

Or rename to debug.

buildTypes {
    release {
        signingConfig signingConfigs.release
    }
    debug {
        signingConfig signingConfigs.debug
    }
}

---

Related Topics