[android-developers] Re: Verifying app signatures

Some developers publish the same apk (signed by the same certificate)
on both the Android market and other channels.
In that case checking the public key of the signing certificate would
not work.

The only way to really ensure that an app is installed from Android
market would be to use the same APIs(internal and unpublished) that
the Android market uses to implement LVL.

--MB

PS: Would it be possible to share what is the end goal of this
exercise?

On Nov 22, 12:17 pm, Fernando T <ftr...@gmail.com> wrote:
> So we want to verify that all apps on a phone come from the Android
> Market, because the setting to install apps only from the market can
> be turned on and off, in addition to apps being installed with adb,
> etc.
>
> One way I thought to do this is to make sure that it is signed by the
> developer of the app, or by the same certificate as it is in the
> Market. Even if different versions are installed, the certificate
> should match. Is there a way to programmatically get either the APK or
> the signature of the APK from the Android Market?

--
You received this message because you are subscribed to the Google
Groups "Android Developers" group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en