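Preface
A recent project required that only APKs carrying the system signature can be installed on the customer's devices; any other app must be rejected. The approach is to verify the SHA-1 fingerprint of the system signature.
The working code follows.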
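The check outlined above, as an added example (not the author's code): it reads the signer certificates of an APK file, hashes each with SHA-1, and rejects the file unless every signer matches the expected fingerprint. The class and method names are hypothetical, `EXPECTED_SHA1` is a placeholder for the SHA1 line printed by keytool, and the `GET_SIGNATURES` flag assumes the Android 7.1 platform this page builds for.

```java
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.Signature;

import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public final class ApkSignerCheck {
    // Placeholder, must be replaced: the colon-separated SHA1 fingerprint
    // that keytool prints for the system signing certificate.
    private static final String EXPECTED_SHA1 = "<SYSTEM_CERT_SHA1_FROM_KEYTOOL>";

    private ApkSignerCheck() {}

    /** Returns true only if every signer certificate of the APK matches EXPECTED_SHA1. */
    public static boolean isSignedWithExpectedCert(PackageManager pm, String apkPath) {
        // GET_SIGNATURES makes getPackageArchiveInfo collect the signer certificates.
        PackageInfo info = pm.getPackageArchiveInfo(apkPath, PackageManager.GET_SIGNATURES);
        if (info == null || info.signatures == null || info.signatures.length == 0) {
            return false; // unparsable or unsigned archive: fail closed
        }
        byte[] expected = parseFingerprint(EXPECTED_SHA1);
        for (Signature sig : info.signatures) {
            // Signature.toByteArray() is the DER-encoded certificate; keytool hashes the same bytes.
            if (!MessageDigest.isEqual(expected, sha1(sig.toByteArray()))) {
                return false; // one unknown signer is enough to reject
            }
        }
        return true;
    }

    static byte[] sha1(byte[] der) {
        try {
            return MessageDigest.getInstance("SHA-1").digest(der);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }
    }

    /** Converts a keytool-style "AA:BB:..." fingerprint to its 20 raw bytes. */
    static byte[] parseFingerprint(String fp) {
        String hex = fp.replace(":", "").trim();
        if (hex.length() != 40) {
            throw new IllegalArgumentException("expected a 20-byte SHA-1 fingerprint");
        }
        byte[] out = new byte[20];
        for (int i = 0; i < out.length; i++) {
            out[i] = (byte) Integer.parseInt(hex.substring(2 * i, 2 * i + 2), 16);
        }
        return out;
    }
}
```

Run the check on a copy of the APK in storage that only the installer can write, and install that same copy, so the file cannot change between the check and the install.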
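1. How do you get the system signature?
In AOSP the signing key files are in the /build/target/product/security/ directory of the source tree. Preinstalled apps and system apps are signed at build time. Getting the SHA-1 of the signature is simple: read it from within the source tree. Here is an example that reads the signature of Settings: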
/rk3288-7.1-git$ keytool -list -printcert -jarfile out/target/product/rk3288/system/priv-app/Settings/Settings.apk
Signer #1:
Signature:
Owner: EMAILADDRESS=android@android.com, CN=Android, OU=Android, O=Android, L=Mountain View, ST=California, C=US
Issuer: EMAILADDRESS=android@android.com, CN=Android, OU=Android, O=Android, L=Mountain View, ST=California, C=US
Serial number: ff0641323cf95512
Valid from: Tue Dec 23 14:43:41 CST 2014 until: Sat May 10 14:43:41 CST 2042
Certificate fingerprints:
MD5: 0E:BA:50:A4:5C:15:B3: