Validating side-loaded APKs

Posted on Thu 13 August 2015 in android • Tagged with android, apk, debugLeave a comment

I was desperate to try Hangouts 4.0 for Android, but suspicious of side-loading. I wanted to verify the APK signature cert had Google's fingerprint of

38:91:8A:45:3D:07:19:93:54:F8:B1:9A:F0:5E:C6:56:2C:ED:57:88

Here's how to check the signatures on an APK, as usual, in shell functions (JDK needed)

apk-check () {
    jarsigner -verify -verbose -certs $1
}

apk-print-cert () {
    keytool -list -printcert -jarfile $1
}

# usage
# make sure it's verified
$ apk-check *apk|grep verified
  s = signature was verified
jar verified.
# show cert identifier
$ apk-check *apk …
Continue reading