#post-568 .parallax .title, #post-568 .parallax .subtitle, #post-568 .parallax hr, #post-619 .parallax .title, #post-619 .parallax .subtitle, #post-619 .parallax hr { visibility: visible; opacity: 1; } #post-568 .parallax .title { margin-top: 215px; } #post-568 .parallax hr { left: 50%; margin-left: -100px; margin-top: 260px; } #post-568 .parallax .subtitle { margin-top: 280px; } #post-619 .parallax .title { margin-top: 85px; } #post-619 .parallax hr { left: 50%; margin-left: -100px; margin-top: 130px; } #post-619 .parallax .subtitle { margin-top: 145px; } .logo { position: absolute; z-index: 10; }

Home/Technology/Android/Who signed the .apk file?

Who signed the .apk file?

No Comments | 14. August 2015 | in Android, Mobile, Security | by Pablo Endres

After a while searching for an older version of an App from the Play Store, I finally found the version I wanted and downloaded it.
In order to install it, you have to “Allow the installation from unknown sources”. So there goes the chain of trust for the app.

So how do you know:

Where did the app came from ?
Did someone plant Malware in it?
Can I trust it?

These are cases for your trusted cryptographer or in the case your certificates.

Basically you need fo follow these steps:

# Dump the apk information
$ANDROID_HOME/build-tools/23.0.0_rc2/aapt dump badging www.apks.org-de.hafas.android.db.apk |grep package

# verify the signer
jarsigner -verbose -verify www.apks.org-de.hafas.android.db.apk |less

# Verify that all files have been signed with the same key
jarsigner -verbose -certs -verify www.apks.org-de.hafas.android.db.apk |less

No comments so far.

Who signed the .apk file?

Leave a Reply Cancel reply

Latest posts

Categories

Recent comments

Gal Dubitski - VoIP Engineer - Comvoz Communication, LLC / CEO at Tocarta