Browse - Programming Tips - How can I verify a apk

Date: 2019may30
OS: Android, Windows

Q.  How can I verify a apk

A.  Use jarsigner or apksigner

jarsigner
On Windows jarsigner is found in the %JAVA_HOME%\bin

cd f:\Program Files\Android\Android Studio\jre\bin jarsigner.exe -verify -verbose -certs f:\path\to\my.apk
Example Output:
- Signed by "CN=Your Name Here..." Digest algorithm: SHA1 Signature algorithm: SHA1withRSA, 2048-bit key jar verified. Warning: This jar contains entries whose certificate chain is not validated. This jar contains signatures that does not include a timestamp. Without a timestamp, users may not be able to validate this jar after the signer certificate's expiration date (2046-10-15) or after any future revocation date.
apksigner apksigner is part of the Android SDK.
cd f:\ForAndroidStudio\AndroidSdk\build-tools\28.0.3\28.0.3 set JAVA_HOME=f:\Program Files\Android\Android Studio\jre apksigner verify -verbose f:\path\to\my.apk
Example Output:
Verifies Verified using v1 scheme (JAR signing): true Verified using v2 scheme (APK Signature Scheme v2): true Number of signers: 1
Notice that it knows about the v2 scheme where jarsigner doesn't