Date: 2019may30
OS: Android, Windows
Q. How can I verify an APK?
A. Use jarsigner or apksigner
jarsigner
On Windows, jarsigner is found in %JAVA_HOME%\bin
cd f:\Program Files\Android\Android Studio\jre\bin
jarsigner.exe -verify -verbose -certs f:\path\to\my.apk
Example Output:
- Signed by "CN=Your Name Here..."
Digest algorithm: SHA1
Signature algorithm: SHA1withRSA, 2048-bit key
jar verified.
Warning:
This jar contains entries whose certificate chain is not validated.
This jar contains signatures that does not include a timestamp.
Without a timestamp, users may not be able to validate this jar after the
signer certificate's expiration date (2046-10-15) or after any future revocation date.
apksigner
apksigner is part of the Android SDK.
cd f:\ForAndroidStudio\AndroidSdk\build-tools\28.0.3\28.0.3
set JAVA_HOME=f:\Program Files\Android\Android Studio\jre
apksigner verify -verbose f:\path\to\my.apk
Example Output:
Verifies
Verified using v1 scheme (JAR signing): true
Verified using v2 scheme (APK Signature Scheme v2): true
Number of signers: 1
Notice that apksigner knows about the v2 scheme (APK Signature Scheme v2), whereas jarsigner doesn't: jarsigner only checks the v1 (JAR signing) scheme.
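
Why jarsigner cannot see v2, as an added Python example (not part of the original note): v1 signatures are ordinary files under META-INF/ inside the ZIP, while v2 and later live in an "APK Signing Block" placed just before the ZIP central directory, outside any JAR entry. The function names and the sample APK bytes are constructed for illustration; the check reports presence only and validates nothing, so apksigner remains the tool for actual verification.

```python
import io
import struct
import zipfile

MAGIC = b"APK Sig Block 42"                        # trailer of the APK Signing Block
SCHEME_IDS = {0x7109871A: "v2", 0xF05368C0: "v3"}  # ID-value pair IDs per scheme

def signature_schemes(apk: bytes) -> set:
    """Report which signature schemes have data in the APK (presence, not validity)."""
    found = set()
    with zipfile.ZipFile(io.BytesIO(apk)) as zf:   # v1: signature file in META-INF/
        names = [n.upper() for n in zf.namelist()]
    if any(n.startswith("META-INF/") and n.endswith((".RSA", ".DSA", ".EC")) for n in names):
        found.add("v1")
    eocd = apk.rfind(b"PK\x05\x06")                # End of Central Directory record
    cd = struct.unpack_from("<I", apk, eocd + 16)[0]  # central directory offset
    if cd < 32 or apk[cd - 16:cd] != MAGIC:
        return found                               # no signing block before the directory
    size = struct.unpack_from("<Q", apk, cd - 24)[0]
    start = cd - size - 8                          # leading size field is not counted
    if start < 0 or struct.unpack_from("<Q", apk, start)[0] != size:
        raise ValueError("malformed APK Signing Block")
    pos, end = start + 8, cd - 24
    while pos + 12 <= end:                         # uint64 length, uint32 ID, value
        pair_len, pair_id = struct.unpack_from("<QI", apk, pos)
        if pair_len < 4 or pos + 8 + pair_len > end:
            raise ValueError("malformed ID-value pair")
        if pair_id in SCHEME_IDS:
            found.add(SCHEME_IDS[pair_id])
        pos += 8 + pair_len
    return found

def constructed_apk(v1: bool, v2: bool) -> bytes:
    """Build a tiny constructed ZIP with placeholder (not real) signature data."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("classes.dex", b"constructed")
        if v1:
            zf.writestr("META-INF/CERT.RSA", b"placeholder")
    raw = bytearray(buf.getvalue())
    if v2:
        eocd = raw.rfind(b"PK\x05\x06")
        cd = struct.unpack_from("<I", raw, eocd + 16)[0]
        pair = struct.pack("<QI", 12, 0x7109871A) + bytes(8)  # empty placeholder value
        size = struct.pack("<Q", len(pair) + 24)
        block = size + pair + size + MAGIC
        raw[cd:cd] = block                         # insert before the central directory
        struct.pack_into("<I", raw, eocd + len(block) + 16, cd + len(block))
    return bytes(raw)
```

To inspect a real file, call signature_schemes(open(path, "rb").read()); a result without "v1" explains a jarsigner failure on an APK that apksigner accepts.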