GET_SIGNATURES is deprecated

Question

Im trying to share content to Facebook in my Android app and I need a Key Hash... but I can't view the HashKey on my logcat because GET_SIGNATURES is deprecated... Are there any ways to view my hashkey?

Here is the code

public class MainActivity extends AppCompatActivity {

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_main);
        printhashkey();
    }



    public void printhashkey(){

        try {
            PackageInfo info = getPackageManager().getPackageInfo(
                    "com.capstone.facebookshare",
                    PackageManager.GET_SIGNATURES);

            for (Signature signature : info.signatures) {
                MessageDigest md = MessageDigest.getInstance("SHA");
                md.update(signature.toByteArray());
                Log.d("KeyHash:", Base64.encodeToString(md.digest(), Base64.DEFAULT));
            }
        } catch (PackageManager.NameNotFoundException e) {

        } catch (NoSuchAlgorithmException e) {

        }

    }
}

Does this answer your question? [How to use PackageInfo.GET\_SIGNING\_CERTIFICATES in API 28?](https://stackoverflow.com/questions/52041805/how-to-use-packageinfo-get-signing-certificates-in-api-28) — Nimrod Dayan, Nov 17 '20 at 08:55
Here is the complete solution https://stackoverflow.com/a/68718505/8663316 — Faizan Haidar Khan, Aug 09 '21 at 22:09

Martin Zeitler · Answer 1 · 2021-06-02T12:40:15.927

11

Use PackageManager.GET_SIGNING_CERTIFICATES for API 28.

edited Jun 02 '21 at 12:40

answered Oct 19 '18 at 18:33

Martin Zeitler

1
19
155
216

1

in this line of code for (Signature signature : info.signatures) ...signatures is also deprecated – James1234 Oct 20 '18 at 17:38
This is Android PIe – Vlad Jan 20 '19 at 17:39

score 5 · Answer 2 · answered May 08 '20 at 07:29

Get package signatures:

private static List<String> getSignatures(@NonNull PackageManager pm, @NonNull String packageName) {
            try {
                if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) {
                    PackageInfo packageInfo = pm.getPackageInfo(packageName, PackageManager.GET_SIGNING_CERTIFICATES);
                    if (packageInfo == null
                            || packageInfo.signingInfo == null) {
                        return null;
                    }
                    if(packageInfo.signingInfo.hasMultipleSigners()){
                        return signatureDigest(packageInfo.signingInfo.getApkContentsSigners());
                    }
                    else{
                        return signatureDigest(packageInfo.signingInfo.getSigningCertificateHistory());
                    }
                }
                else {
                    @SuppressLint("PackageManagerGetSignatures")
                    PackageInfo packageInfo = pm.getPackageInfo(packageName, PackageManager.GET_SIGNATURES);
                    if (packageInfo == null
                            || packageInfo.signatures == null
                            || packageInfo.signatures.length == 0
                            || packageInfo.signatures[0] == null) {
                        return null;
                    }
                    return signatureDigest(packageInfo.signatures);
                }
            } catch (PackageManager.NameNotFoundException e) {
                return null;
            }
        }

Convert signatures to list of hex strings:

        private static String signatureDigest(Signature sig) {
            byte[] signature = sig.toByteArray();
            try {
                MessageDigest md = MessageDigest.getInstance("SHA1");
                byte[] digest = md.digest(signature);
                return BaseEncoding.base16().lowerCase().encode(digest);
            } catch (NoSuchAlgorithmException e) {
                return null;
            }
        }
        private static List<String> signatureDigest(Signature[] sigList) {
            List<String> signaturesList= new ArrayList<>();
            for (Signature signature: sigList) {
                if(signature!=null) {
                    signaturesList.add(signatureDigest(signature));
                }
            }
           return signturesList;
        }

Compare package signatures with your whitelist:

    private static boolean verifyAppSignature(Context context) {
        //you should load approvedSignatures from a secure place not plain text
        List<String> approvedSignatures = new ArrayList<>();
        approvedSignatures.add("Your whitelist #1");
        approvedSignatures.add("Your whitelist #2");

        List<String> currentSignatures = getSignatures(context.getPackageManager(), context.getPackageName());
        if(currentSignatures!=null && currentSignatures.size()>0) {
            //first checking if no unapproved signatures exist
            for (String signatureHex : currentSignatures) {
                if (!approvedSignatures.contains(signatureHex)) {
                    return false;
                }
            }
            //now checking if any of approved signatures exist
            for (String signatureHex : currentSignatures) {
                if (approvedSignatures.contains(signatureHex)) {
                    return true;
                }
            }
        }
        return false;
    }

What is signatureDigest ? – Saurabh Padwekar Dec 09 '20 at 07:42 — Saurabh Padwekar, Dec 09 '20 at 07:42

GET_SIGNATURES is deprecated

2 Answers2

Linked