我有这段代码(从这里复制它:https://www.airpair.com/android/posts/adding-tampering-detection-to-your-android-app)来为我的Android应用程序添加篡改保护。
可以通过多个签名向Play商店提交申请吗?
我是否还要验证方法packageInfo.signatures仅返回一个签名?或者apk可以有多个签名,所有签名都有效吗?
private static final int VALID = 0;
private static final int INVALID = 1;
public static int checkAppSignature(Context context) {
try {
PackageInfo packageInfo = context.getPackageManager().getPackageInfo(context.getPackageName(), PackageManager.GET\_SIGNATURES);
for (Signature signature : packageInfo.signatures) {
byte[] signatureBytes = signature.toByteArray();
MessageDigest md = MessageDigest.getInstance("SHA");
md.update(signature.toByteArray());
final String currentSignature = Base64.encodeToString(md.digest(), Base64.DEFAULT);
//compare signatures
if (SIGNATURE.equals(currentSignature)){
return VALID;
};
}
} catch (Exception e) {
//assumes an issue in checking signature., but we let the caller decide on what to do.
}
return INVALID;
}