0

I wish to check if two applications have same signature. I saw a similar question here :

Can I check if two android apps are signed with the same key?

I am able to get the procedure described but in the comments its written " This is not guaranteed to work " . On what parameter does the signature become unique. Can I use the hashcode of signature to compare signatures. please help !

link4pp
  • 1
  • 2

2 Answers2

3

Simplest way to check 2 apps:

int i = mContext.getPackageManager().checkSignatures(pkg1, pkg2);
boolean matching = i == PackageManager.SIGNATURE_MATCH;
defim
  • 456
  • 6
  • 9
0

An apk can have multiple signatures. The right way of comparing the signatures is using the hashCode() method.

You can create a HashSet of the signatures of the two packages using the following code snippet(modified for your need, not tested yet)

HashSet<String> signatureSet = new HashSet<String>();   
Signature[] signatures = context.getPackageManager().getPackageInfo(context.getPackageName(), PackageManager.GET_SIGNATURES).signatures;
for (Signature signature : signatures)
{
    signatureSet.add(signature.hashCode());
}

Now you can use set operations to check how similar the signatures are. e.g, to check if app1 has all the signatures of app2(this should suffice most of the times).

signatureSet1.containsAll(signatureSet2);
Aman Gautam
  • 3,549
  • 2
  • 21
  • 25
  • Thanx for the response . The requirement is that I need to store the signature data in a database and then while comparing retrieve those signature data . However, the database won't store a data of type Signature[] , and hence, there comes a need to store byte array or hashcode ( int) of the signature in the database. If comparing hashcode of signature is okay enough then it solves the problem. Moreover , which one is reliable bytearray or hashcode method ? – link4pp Oct 07 '14 at 09:04
  • Comparing hashCodes is usually enough. For multiple signatures in the same app, you may want to use Set operations. There can be several options for storing the signatures in the database as string... One can be using normalization and other can be using serialization. – Aman Gautam Oct 07 '14 at 09:36