Validating side-loaded APKs

Posted on Thu 13 August 2015 in android • Tagged with android, apk, debug

I was desperate to try Hangouts 4.0 for Android, but suspicious of side-loading. I wanted to verify the APK signature cert had Google's fingerprint of


Here's how to check the signatures on an APK, as usual, in shell functions (JDK needed)

apk-check () {
    jarsigner -verify -verbose -certs $1

apk-print-cert () {
    keytool -list -printcert -jarfile $1

# usage
# make sure it's verified
$ apk-check *apk|grep verified
  s = signature was verified
jar verified.
# show …
Continue reading