certainly capable of removing any checks you may put in there to
verify any of those things you are mentioning.
On Nov 11, 10:21 am, Sheado <chad...@gmail.com> wrote:
> Hi All,
>
> Sorry if this has already been answered, but searching for this is
> returning piles of LVL-related posts.
>
> We recently discovered that our app's apk is being unpacked, modified,
> then resigned and re-distributed without our approval. What's the
> proper way of checking for a modified apk signature?
>
> Currently I have something in place where I get the PackageInfo's
> signatures (e.g. getPackageManager().getPackageInfo) and feed them
> into X509Certificate which i use to check the issuer DN.
>
> This will at least tell me that the DN changed, but that's obviously
> easily to get around.
> What's the proper way to go about checking the package signature with
> a remote service?
>
> Or am I going about this all wrong? Perhaps checksums are the better
> way to go?
>
> Thank You,
> -Chad
--
You received this message because you are subscribed to the Google
Groups "Android Developers" group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en
No comments:
Post a Comment