我想在我正在开发的Android应用中添加篡改检查代码以防止它被盗版。
我使用了这段代码:
public class MainActivity extends ActionBarActivity {
@Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.activity_main);
if (checkAppSignature(this) == true){
Toast.makeText(getApplicationContext(), "invalid", Toast.LENGTH_LONG).show();
}
else{
Toast.makeText(getApplicationContext(), "valid", Toast.LENGTH_LONG).show(); }
}
public static final String SIGNATUREE = "aqKTfwHKzuY52bukXMaRKgXPQyA=";
public static boolean checkAppSignature(Context context) {
try {
PackageInfo packageInfo = context.getPackageManager()
.getPackageInfo(context.getPackageName(),
PackageManager.GET_SIGNATURES);
for (Signature signature : packageInfo.signatures) {
byte[] signatureBytes = signature.toByteArray();
MessageDigest md = MessageDigest.getInstance("SHA");
md.update(signature.toByteArray());
final String currentSignature = Base64.encodeToString(md.digest(), Base64.DEFAULT);
//compare signatures
if (SIGNATUREE.equals(currentSignature)){
return false;
}
}
} catch (Exception e) {
}
return true;
}
}
我在create上调用checkAppSignature(this)来检查代码是否匹配。我使用的代码是:
Log.d("CODE", "SIGNATURE:" + currentSignature);
要获取我在此处输入的代码:
Public static final String SIGNATUREE = "aqKTfwHKzuY52bukXMaRKgXPQyA=";
并且日志显示相同的值但是,每次toast弹出都是无效的。
任何人都可以提供一些修复或提供良好的保护代码吗?
答案 0 :(得分:0)
比较SIGNATURE和currentSignature时,请使用.trim():
SIGNATURE.equals(currentSignature.trim())