6

I want to check if signatures of App A and App B are the same.

I want to make the check in App A and call a method based on the result of that comparison.

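```java
// Compares the signature arrays of this app (App A) and App B.
// getPackageInfo() throws a checked exception when a package is not found.
public boolean compareAppSignatures() throws PackageManager.NameNotFoundException {
    Signature[] sigA = getPackageManager().getPackageInfo(getPackageName(), PackageManager.GET_SIGNATURES).signatures;
    Signature[] sigB = getPackageManager().getPackageInfo("<App B package name>", PackageManager.GET_SIGNATURES).signatures;
    return Arrays.equals(sigA, sigB);
}
```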

Is this a good way to do it? Also, is there a way to check if they are signed with the same key? Can one android app get the signature list of any other app installed on the device?

sr09

2 Answers

0

I don't think this can be achieved like that.

Tech Agent
0

This is not guaranteed to work. An APK can be signed with multiple signatures. I need to check that App B contains a signing certificate that both apps trust.

sr09
  • Btw, in that case, `GET_SIGNATURES` can't be used (for anyone that needs it). If the app is signed with only one, that's cool. If it's signed with multiple ones, all certificates must be verified, from what I've been reading. (With `GET_SIGNING_CERTIFICATES` it's alright to just verify one though.) – Edw590 Jul 30 '21 at 00:20
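
An order-independent form of the comparison discussed in this thread, as an added example that is not part of any post above: it reads the current signers with `GET_SIGNING_CERTIFICATES` (API 28+), compares SHA-256 digests of the certificates as sets, and fails closed when a package cannot be read. The class name `SignerCheck`, its method names and the `trustedSha256` parameter are hypothetical.

```java
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.Signature;
import java.nio.ByteBuffer;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HashSet;
import java.util.Set;

/** Added example (hypothetical helper class); requires API 28 or later. */
public final class SignerCheck {
    private SignerCheck() {}

    /** SHA-256 digests of the certificates that currently sign the package's APK. */
    static Set<ByteBuffer> signerDigests(PackageManager pm, String pkg)
            throws PackageManager.NameNotFoundException, NoSuchAlgorithmException {
        PackageInfo info = pm.getPackageInfo(pkg, PackageManager.GET_SIGNING_CERTIFICATES);
        Set<ByteBuffer> digests = new HashSet<>();
        if (info.signingInfo == null) {
            return digests; // no signing data returned: callers treat this as "no match"
        }
        // getApkContentsSigners() lists the current signer(s) only, without rotated-out certificates.
        for (Signature cert : info.signingInfo.getApkContentsSigners()) {
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.toByteArray());
            digests.add(ByteBuffer.wrap(digest)); // ByteBuffer compares by content, unlike byte[]
        }
        return digests;
    }

    /** True only if both packages are signed by exactly the same set of certificates. */
    static boolean sameSigners(PackageManager pm, String pkgA, String pkgB) {
        try {
            Set<ByteBuffer> a = signerDigests(pm, pkgA);
            return !a.isEmpty() && a.equals(signerDigests(pm, pkgB));
        } catch (PackageManager.NameNotFoundException | NoSuchAlgorithmException e) {
            return false; // fail closed: a package that cannot be read is never a match
        }
    }

    /** True if the package is currently signed with the certificate that has this SHA-256 digest. */
    static boolean signedWith(PackageManager pm, String pkg, byte[] trustedSha256) {
        try {
            return signerDigests(pm, pkg).contains(ByteBuffer.wrap(trustedSha256));
        } catch (PackageManager.NameNotFoundException | NoSuchAlgorithmException e) {
            return false;
        }
    }
}
```

From App A this would be called as `SignerCheck.sameSigners(getPackageManager(), getPackageName(), "<App B package name>")`. On Android 11 and later, App A also needs a `<queries>` entry for App B in its manifest, otherwise `getPackageInfo()` throws `NameNotFoundException` and the check returns false.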