I am trying to compare the signature of my APK at run time with the original signature key (the same one!). I followed that answer, so it mustn't kill my app because it's the same one, but it kills the app as if it's not the same one and shows the toast.

That's the code:

```java
public void checkSignature(final Context context) {
    try {
        signatures = context.getPackageManager()
                .getPackageInfo(context.getPackageName(),
                        PackageManager.GET_SIGNATURES).signatures;

        if (signatures[0].toString() != SIGNATURE_KEY) {
            // Kill the process without warning. If someone changed the certificate
            // is better not to give a hint about why the app stopped working
            android.os.Process.killProcess(android.os.Process.myPid());
            Toast.makeText(getApplicationContext(), "Not working", Toast.LENGTH_LONG).show();
        }
    } catch (PackageManager.NameNotFoundException ex) {
        // Must never fail, so if it does, means someone played with the apk, so kill the process
        android.os.Process.killProcess(android.os.Process.myPid());

    }
}
```

I used this code to get the signature at runtime more than once, and every time it gives me the same value! (It happens when I tap a button.)

```java
ClipboardManager clipboard = (ClipboardManager) getSystemService(CLIPBOARD_SERVICE);
ClipData clip = ClipData.newPlainText("Release", signatures[0].toCharsString());
clipboard.setPrimaryClip(clip);
```

So what's wrong with that code that makes the comparison not work correctly?

Mohamed

1 Answer

You compare strings using the `!=` operator. This compares strings as references, not objects. You should use `.equals()`. Edited: Also, to properly compare signatures:

```java
MessageDigest md = MessageDigest.getInstance("SHA");
md.update(signatures[0].toByteArray());
String signature = Base64.encodeToString(md.digest(), Base64.DEFAULT);
if (!signature.equals(SIGNATURE_KEY)){
    //do your logic
}
```
Beloo
  • `.equals()` is only available from SDK 19 and above and my min SDK is 10, and actually I tried it and still have the problem. – Mohamed Sep 30 '15 at 22:56
  • What? `.equals()` is a default method of the Object Java class. Have you tried `!signatures[0].toString().equals(SIGNATURE_KEY)`? (As I understand it, SIGNATURE_KEY is your String constant with the hash key.) – Beloo Sep 30 '15 at 23:00
  • Actually I used another one, but yours is still not working, and yes, it's my key in a constant. – Mohamed Sep 30 '15 at 23:05
  • The same error is still present! I think the problem is in that line but I don't know how! `signatures = context.getPackageManager() .getPackageInfo(context.getPackageName(), PackageManager.GET_SIGNATURES).signatures;` – Mohamed Sep 30 '15 at 23:28
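
An added example, not code from the question or the answer: a plain-Java sketch of the comparison discussed above, hashing the certificate bytes and comparing them by value against a pinned digest. The class `CertPin`, its method names and the sample bytes are assumptions made for illustration; on Android the input would be `signatures[0].toByteArray()`.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public final class CertPin {
    // Hypothetical helper. On Android, certDer would be signatures[0].toByteArray().
    static byte[] sha256(byte[] certDer) throws NoSuchAlgorithmException {
        return MessageDigest.getInstance("SHA-256").digest(certDer);
    }

    static String toHex(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    // Accepts a pin pasted with colons, spaces, upper case or a trailing newline.
    static byte[] parsePin(String pin) {
        String hex = pin.replaceAll("[^0-9A-Fa-f]", "");
        if (hex.length() != 64) throw new IllegalArgumentException("pin must be 32 bytes of hex");
        byte[] out = new byte[32];
        for (int i = 0; i < 32; i++)
            out[i] = (byte) Integer.parseInt(hex.substring(2 * i, 2 * i + 2), 16);
        return out;
    }

    // Compares digest bytes by value, never String references.
    static boolean matches(byte[] certDer, String expectedPin) throws NoSuchAlgorithmException {
        return MessageDigest.isEqual(sha256(certDer), parsePin(expectedPin));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample bytes standing in for a DER-encoded signing certificate.
        byte[] cert = "constructed-sample-certificate".getBytes(StandardCharsets.UTF_8);
        String pin = toHex(sha256(cert));
        String rebuilt = new String(pin.toCharArray()); // same text, different object

        System.out.println("reference (==):      " + (rebuilt == pin));
        System.out.println("value (equals):      " + rebuilt.equals(pin));
        System.out.println("pin with newline:    " + matches(cert, pin.toUpperCase() + "\n"));
        byte[] tampered = cert.clone();
        tampered[0] ^= 1; // flip one bit to simulate a different certificate
        System.out.println("tampered cert match: " + matches(tampered, pin));
    }
}
```

Two things on this page can defeat a string comparison even with `.equals()`: the question copies `signatures[0].toCharsString()` to the clipboard but compares `signatures[0].toString()`, and Android's `Base64.DEFAULT` appends a line terminator to the encoded string. Comparing decoded digest bytes, as in the sketch, avoids both.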