有没有办法确定Android应用程序是否在运行时签名生产或调试？ [英] Is there a way to determine whether an Android application is signed for production or debug at runtime?

问题描述

解决方案

是的，但是，是否有一种方法来确定Android应用程序是否在运行时签名生产或调试？没有100％可靠。默认（自动生成）证书具有DN'CN = Android Debug，O = Android，C = US'，如这里。如果您检查DN，它与默认值相匹配，则很可能是调试证书。没有任何东西阻止人们生成自己的调试证书或使用相同的调试证书进行生产和调试。

您可以使用 PackageManager获取签名证书。如下所示：

  PackageManager pm = context.getPackageManager（）; 
签名sig = packageManager.getPackageInfo（getPackageName（），
 PackageManager.GET_SIGNATURES）.signatures [0]; 
 CertificateFactory cf = CertificateFactory.getInstance（X.509）; 
 X509Certificate cert =（X509Certificate）cf.generateCertificate（
 new ByteArrayInputStream（sig.toByteArray（）））; 
 String dn = cert.getIssuerDN（）。getName（）; 
  

Is there a way to determine whether an Android application is signed for production or debug at runtime?

解决方案

Yes, but no 100% reliable. The default (auto-generated) certificate has the DN 'CN=Android Debug,O=Android,C=US' as described here. If you check the DN and it matches the default, it is most probably the debug certificate. Nothing prevents people from generating their own debug certificate or using the same one for production and debugging though.

You can get the signing certificate using PackageManager. Something like:

PackageManager pm = context.getPackageManager();
Signature sig = packageManager.getPackageInfo(getPackageName(), 
   PackageManager.GET_SIGNATURES).signatures[0];
CertificateFactory cf = CertificateFactory.getInstance("X.509");
X509Certificate cert = (X509Certificate) cf.generateCertificate(
    new ByteArrayInputStream(sig.toByteArray()));
String dn = cert.getIssuerDN().getName();

这篇关于有没有办法确定Android应用程序是否在运行时签名生产或调试？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！