介绍
Android应用程序被压缩、打包并以.apk文件的形式分发,类似于.jar或.zip文件。它们通常包含应用程序需要的所有编译资源(编译代码、图像、布局、xml文件、数据库等)。但是,apk可以用普通的归档软件解压,其中编译后的代码也可以用APKTool和Dex2Jar等免费开源工具轻松反编译。
内容
1.校验自身签名与预设字符串是否相同
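private static final int VALID = 0;
private static final int INVALID = 1;

/**
 * Compares the digest of this app's signing certificate(s) with the expected value
 * held in {@code SIGNATURE} (declared outside this excerpt).
 *
 * <p>The check runs inside the app it protects, so a repackaged build can patch it out;
 * treat the result as one signal among several rather than as proof of integrity.
 *
 * @param context used to reach the {@code PackageManager} and this app's package name
 * @return {@code VALID} as soon as one signature digest equals {@code SIGNATURE};
 *         {@code INVALID} when none matches or when the lookup or hashing throws
 */
public static int checkAppSignature(Context context) {
    try {
        // NOTE(review): GET_SIGNATURES is deprecated from API 28 in favour of
        // GET_SIGNING_CERTIFICATES / PackageInfo.signingInfo; confirm the minimum SDK.
        PackageInfo packageInfo = context.getPackageManager()
                .getPackageInfo(context.getPackageName(), PackageManager.GET_SIGNATURES);

        // "SHA" resolves to SHA-1. Moving to "SHA-256" is preferable, but the stored
        // SIGNATURE constant must be regenerated in the same change or every check fails.
        MessageDigest md = MessageDigest.getInstance("SHA");

        for (Signature signature : packageInfo.signatures) {
            // digest(byte[]) hashes the input and resets md, so one instance serves the loop.
            // Base64.DEFAULT ends its output with a line terminator; SIGNATURE has to be
            // stored in exactly that form for equals() to succeed.
            final String currentSignature =
                    Base64.encodeToString(md.digest(signature.toByteArray()), Base64.DEFAULT);

            // Development aid only: delete before release so the expected value is not
            // written to logcat on user devices.
            Log.d("REMOVE_ME", "Include this string as a value for SIGNATURE:" + currentSignature);

            // NOTE(review): any single match is accepted. If the app is only ever signed
            // with one certificate, also requiring signatures.length == 1 would be
            // stricter; confirm before changing.
            if (SIGNATURE.equals(currentSignature)) {
                return VALID;
            }
        }
    } catch (Exception e) {
        // Deliberately fail closed: any problem while checking is reported as INVALID
        // and the caller decides what to do with that result.
    }
    return INVALID;
}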
2.验证安装程序
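private static final String PLAY_STORE_APP_ID = "com.android.vending";

/**
 * Reports whether the package manager records the Play Store as this app's installer.
 *
 * <p>NOTE(review): {@code getInstallerPackageName} is deprecated from API 30 in favour of
 * {@code getInstallSourceInfo}. The recorded installer is supplied by whoever performed the
 * install, so treat it as a weak signal rather than proof of origin.
 *
 * @param context used to reach the {@code PackageManager} and this app's package name
 * @return {@code true} only when the installer package name is exactly
 *         {@code com.android.vending}; {@code false} when it is {@code null} or anything else
 */
public static boolean verifyInstaller(final Context context) {
    final String installer = context.getPackageManager()
            .getInstallerPackageName(context.getPackageName());
    // Exact comparison instead of startsWith(): a prefix test would also accept any other
    // package whose name merely begins with the Play Store id. Calling equals() on the
    // constant also covers a null installer.
    return PLAY_STORE_APP_ID.equals(installer);
}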
3.环境检查
通过反射调用被@hide标记的方法
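/**
 * Reads a system property by reflectively calling {@code get(String)} on
 * {@code android.os.SystemProperties}.
 *
 * <p>NOTE(review): that class is not part of the public SDK, and newer Android releases
 * restrict reflective access to non-SDK interfaces, so this call may throw there;
 * confirm on the target API levels.
 *
 * @param name the property key, for example {@code ro.hardware}
 * @return whatever {@code SystemProperties.get(name)} returns, cast to {@code String}
 * @throws Exception if the class or method cannot be resolved or the invocation fails
 */
private static String getSystemProperty(String name) throws Exception {
    Class<?> systemPropertyClazz = Class.forName("android.os.SystemProperties");
    // The class object is passed as the receiver, as in the original listing; for a
    // static method the receiver argument is ignored by Method.invoke.
    return (String) systemPropertyClazz.getMethod("get", String.class)
            .invoke(systemPropertyClazz, name);
}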
读取系统属性,判断应用是否运行在模拟器(虚拟机)中
/**
 * Heuristically reports whether the app appears to be running on an emulator.
 *
 * <p>Three system properties are read through {@code getSystemProperty}:
 * {@code ro.hardware} containing "goldfish", a non-empty {@code ro.kernel.qemu}, and
 * {@code ro.product.model} equal to "sdk". Any one of them is enough.
 *
 * <p>NOTE(review): the check fails open. If any property read throws, the method
 * returns {@code false} even when an earlier read already indicated an emulator.
 * The property values tested are heuristics and presumably do not cover every
 * emulator image; verify against the images in use.
 *
 * @return {@code true} if at least one indicator matched and no read threw;
 *         {@code false} otherwise
 */
public static boolean checkEmulator() {
    try {
        // All three reads happen, in this order, before the result is formed.
        final boolean hasGoldfishHardware = getSystemProperty("ro.hardware").contains("goldfish");
        final boolean hasQemuFlag = !getSystemProperty("ro.kernel.qemu").isEmpty();
        final boolean isSdkModel = getSystemProperty("ro.product.model").equals("sdk");
        return hasQemuFlag || hasGoldfishHardware || isSdkModel;
    } catch (Exception ignored) {
        // Best effort: a failed property lookup is treated as "not an emulator".
    }
    return false;
}
检查应用是否处于可调试(debuggable)模式
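/**
 * Reports whether this app's {@code ApplicationInfo} carries the debuggable flag.
 *
 * <p>A release build is normally not debuggable, so a {@code true} result in production
 * suggests the package was rebuilt with the flag switched on. Like the other checks on
 * this page it runs inside the app and can be patched out of a repackaged build.
 *
 * @param context used to obtain this app's {@code ApplicationInfo}
 * @return {@code true} if {@code FLAG_DEBUGGABLE} is set in the application flags
 */
public static boolean checkDebuggable(Context context) {
    final int flags = context.getApplicationInfo().flags;
    return (flags & ApplicationInfo.FLAG_DEBUGGABLE) != 0;
}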