如何在 Android 设备上查看签署 apk 的人的身份? [英] How to view the identity of person who signed the apk on Android device?

问题描述

我需要查看谁对我安装到我的设备上的应用程序进行了签名.这通常可以在设备上还是在 PC 上执行?

I need to view who signed the application I have installed onto my device. Is this generally possible to do on the device or on PC?

推荐答案

(假设您可以获得原始 apk 文件的访问权限 - 如果您知道或对其名称和位置进行有根据的猜测，您通常可以访问，即使你不能在非root手机上列出/data的内容)

(assuming you can obtain access to the raw apk file - which you usually can, if you know or make an educated guess of its name and location, even though you can't list the contents of /data on a non-rooted phone)

您可以将 apk 作为 zip 文件打开并从 META-INF/CERT.RSA 的二进制内容中过滤 ascii 文本

You could open the apk as a zip file and filter the ascii text from the binary content of META-INF/CERT.RSA

或使用实际工具，

jarsigner -verify -certs -verbose some_application.apk

当然，验证签名者是他们声称的身份的唯一方法是通过直接或验证方式从该方获取使用相同密钥签名的其他东西，并比较签名密钥指纹 - 这就是 Android 本身验证的方式应用升级和应用 ID 共享与其定位的现有 APK 来自同一方.

Of course the only way to verify that the signer is who they claim to be is to get something else signed with the same key from that party via direct or verified means and compare the signing key fingerprints - that is how Android itself verifies that app upgrades and app ID sharing come from the same party as the existing APK they target.

这篇关于如何在 Android 设备上查看签署 apk 的人的身份?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！