[android-developers] Re: Possible to check .apk signature?

So what is protecting the application from forgery?

On Oct 7, 7:39 pm, Dianne Hackborn <hack...@android.com> wrote:
> On Wed, Oct 6, 2010 at 3:44 PM, DanH <danhi...@ieee.org> wrote:
> > Supposedly PackageInfo.signatures[0] gives you the signature.
> > However, there's a Catch22:  You can't get the signature until the app
> > is packaged, and you can't modify the app to insert the signature
> > after it's been packaged.
>
> Despite its name, the contents of PackageInfo.signatures is the public keys
> your app is signed with.  This absolutely, positively does not change
> between builds.  This is the pure identify of the developer of the app.
>
> --
> Dianne Hackborn
> Android framework engineer
> hack...@android.com
>
> Note: please don't send private questions to me, as I don't have time to
> provide private support, and so won't reply to such e-mails.  All such
> questions should be posted on public forums, where I and others can see and
> answer them.

--
You received this message because you are subscribed to the Google
Groups "Android Developers" group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en