As the title explains, I would like to know if there's a way (code) to know that the produced app (.apk) is signed with a Debug certificate or Export certificate? I would like to check this inside my app so that i can enable/disable some features depending on the type of certificate.
I wonder how Google verifies this information at the time when we upload an app in Market through Developer Console?
any suggestion/code would be appreciated.
I use
final PackageInfo info = mContext.getPackageManager().getPackageInfo(mContext.getPackageName(), 0);
ApplicationUtils.DEBUG_ENABLED = (info.applicationInfo.flags & ApplicationInfo.FLAG_DEBUGGABLE) != 0;
to enable/disable debug logging.
I found this resource, which describes what you are trying to solve. This page describes how to get information about a keystore in code.
http://daniel-codes.blogspot.com/2011/04/detecting-keystore-signature-in-code.html
You will only be able to deploy your app to the Android Market with your Export certificate.
The AM will reject your APK if it is not signed with the same certificate you used when you uploaded your first APK.
It looks like you can get info about the Public key from the: javax.security.auth.Subject package (try the getPublicCredentials() method). I haven't used it myself.
The company name is called Android Debug for the debug key.
Run jarsigner -verbose -certs -verify against the debug and the signed apks. You will see for the debug apk, the CN field is called Android Debug. For your signed apk, it is the name of the key signer.
This is probably how Google and other markets check the key when uploading to the market. Like others said, you will not be able to upload an app signed with a debug key to the market, so I don't know why you would need to check this.
