验证APP的签名(防篡改)
Android 安全的基石之一是所有的APP都必须经过数字签名。
准备工作
keytool -genkey -v -keystore mya -alias Myapp -keyalg RSA -keysize 2048 -validity 10000
查看keystore中证书的MD5及SHA1指纹
keytool -list -v -keystore mya
代码添加
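// Expected SHA-1 fingerprint of the signing certificate, written as hex without
// separators. The comparison below is case-insensitive.
// NOTE(review): presumably this is the SHA1 value printed by
// `keytool -list -v -keystore mya` with the colons removed; confirm against your keystore.
private static String CERTIFICATE_SHA1 = "E17F3EBA28E3B637EF422712352402AC86B5DCD8";

/**
 * Checks whether this app is signed with the expected certificate.
 *
 * <p>The check is fail-closed: any error while reading the package
 * information or computing the hash yields {@code false}.
 *
 * <p>Limits a reviewer should keep in mind:
 * <ul>
 *   <li>Only the first certificate returned by the package manager is compared.</li>
 *   <li>{@code PackageManager.GET_SIGNATURES} is deprecated since API 28 in favour of
 *       {@code GET_SIGNING_CERTIFICATES} / {@code PackageInfo.signingInfo}.</li>
 *   <li>The check runs inside the app it protects, so it is one layer of tamper
 *       resistance and should not be the only one.</li>
 * </ul>
 *
 * @param context any context of the running app; supplies the package manager
 *                and the package name
 * @return {@code true} if the first signing certificate hashes to
 *         {@link #CERTIFICATE_SHA1}, {@code false} otherwise or on any error
 */
public static boolean validateAppSignature(Context context) {
    try {
        // Get the signing certificates of our own package from the package manager.
        PackageInfo packageInfo = context.getPackageManager()
                .getPackageInfo(context.getPackageName(), PackageManager.GET_SIGNATURES);
        Signature[] appSignatures = packageInfo.signatures;
        if (appSignatures == null || appSignatures.length == 0) {
            // No certificate to compare against: treat as not validated.
            return false;
        }

        // THIS SAMPLE ONLY CHECKS THE FIRST CERTIFICATE.
        byte[] signatureBytes = appSignatures[0].toByteArray();

        // Calculate the SHA-1 fingerprint as upper-case hex.
        String currentSignature = calcSHA1(signatureBytes);
        return CERTIFICATE_SHA1.equalsIgnoreCase(currentSignature);
    } catch (Exception e) {
        // Deliberately broad: whatever goes wrong, the app is reported as
        // not validated instead of crashing or passing the check.
        e.printStackTrace();
    }
    return false;
}

/**
 * Computes the SHA-1 digest of the given certificate bytes as upper-case hex.
 *
 * <p>NOTE(review): SHA-1 is used here because the pinned constant is a SHA-1
 * fingerprint; a SHA-256 fingerprint is the stronger choice if the constant
 * can be regenerated.
 *
 * @param signatureBytes raw bytes of the signing certificate
 * @return the digest as a hex string of 40 upper-case characters
 * @throws NoSuchAlgorithmException if the platform provides no SHA1 digest
 */
private static String calcSHA1(byte[] signatureBytes) throws NoSuchAlgorithmException {
    MessageDigest md = MessageDigest.getInstance("SHA1");
    // digest(bytes) already consumes the input. Calling update() with the same
    // bytes first would hash them twice, and the result would never match the
    // fingerprint of the certificate.
    byte[] signatureHash = md.digest(signatureBytes);
    return byteToHex(signatureHash);
}

/**
 * Converts a byte array to an upper-case hex string, two characters per byte.
 *
 * @param bytes the bytes to encode
 * @return the hex representation; empty for an empty array
 */
private static String byteToHex(byte[] bytes) {
    final char[] hexArray = {'0', '1', '2', '3', '4', '5', '6', '7',
                             '8', '9', 'A', 'B', 'C', 'D', 'E', 'F'};
    char[] hexChars = new char[bytes.length * 2];
    for (int j = 0; j < bytes.length; j++) {
        int v = bytes[j] & 0xFF; // mask so the byte is read as unsigned
        hexChars[j * 2] = hexArray[v >>> 4];
        hexChars[j * 2 + 1] = hexArray[v & 0x0F];
    }
    return new String(hexChars);
}

// Then call validateAppSignature from several different places in the code,
// so the check is performed at more than one point.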