如何检查APK是否签名或“调试构建”? [英] How to check if APK is signed or "debug build"?
问题描述
我需要这样才能从Web服务数据调试ListView项目(不,logcat不是一个选项)。
我的想法:
- 应用程序的
android:debuggable,但由于某些原因看起来不可靠。 - 硬编码设备ID不是一个好主意,因为我使用相同的设备来测试签名的APK。
- 在代码中使用手动标记?有理由,但是一定会忘记改变,加上所有程序员都很懒。
有不同的方式来检查应用程序是使用调试还是发布证书构建,但是对我来说似乎最好。
根据Android文档中的信息< a href =http://developer.android.com/tools/publishing/app-signing.html =noreferrer>签署您的应用程序,调试键包含以下主题识别名称: CN = Android Debug,O = Android,C = US 。我们可以使用此信息来测试包是否使用调试密钥进行签名,而无需将调试密钥签名硬编码到我们的代码中。
给定:
import android.content.pm.Signature;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
你可以这样实现一个isDebuggable方法:
$ pre>
private static final X500Principal DEBUG_DN = new X500Principal(CN = Android Debug,O = Android,C = US);
private boolean isDebuggable(Context ctx)
{
boolean debuggable = false;
try
{
PackageInfo pinfo = ctx.getPackageManager()。getPackageInfo(ctx.getPackageName(),PackageManager.GET_SIGNATURES);
签名签名[] = pinfo.signatures;
CertificateFactory cf = CertificateFactory.getInstance(X.509);
for(int i = 0; i< signatures.length; i ++)
{
ByteArrayInputStream stream = new ByteArrayInputStream(signatures [i] .toByteArray());
X509Certificate cert =(X509Certificate)cf.generateCertificate(stream);
debuggable = cert.getSubjectX500Principal()。equals(DEBUG_DN);
if(可调试)
break;
}
}
catch(NameNotFoundException e)
{
//可调试变量将保持为false
}
catch(CertificateException e)
{
// debuggable变量将保持为false
}
return debuggable;
}
As far as I know, in android "release build" is signed APK. How to check it from code or does Eclipse has some kinda of secret defines?
I need this to debug populating ListView items from web service data (no, logcat not an option).
My thoughts:
- Application's
android:debuggable, but for some reason that doesn't look reliable. - Hard-coding device ID isn't good idea, because I am using same device for testing signed APKs.
- Using manual flag somewhere in code? Plausible, but gonna definitely forget to change at some time, plus all programmers are lazy.
There are different way to check if the application is build using debug or release certificate, but the following way seems best to me.
According to the info in Android documentation Signing Your Application, debug key contain following subject distinguished name: "CN=Android Debug,O=Android,C=US". We can use this information to test if package is signed with debug key without hardcoding debug key signature into our code.
Given:
import android.content.pm.Signature;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
You can implement an isDebuggable method this way:
private static final X500Principal DEBUG_DN = new X500Principal("CN=Android Debug,O=Android,C=US");
private boolean isDebuggable(Context ctx)
{
boolean debuggable = false;
try
{
PackageInfo pinfo = ctx.getPackageManager().getPackageInfo(ctx.getPackageName(),PackageManager.GET_SIGNATURES);
Signature signatures[] = pinfo.signatures;
CertificateFactory cf = CertificateFactory.getInstance("X.509");
for ( int i = 0; i < signatures.length;i++)
{
ByteArrayInputStream stream = new ByteArrayInputStream(signatures[i].toByteArray());
X509Certificate cert = (X509Certificate) cf.generateCertificate(stream);
debuggable = cert.getSubjectX500Principal().equals(DEBUG_DN);
if (debuggable)
break;
}
}
catch (NameNotFoundException e)
{
//debuggable variable will remain false
}
catch (CertificateException e)
{
//debuggable variable will remain false
}
return debuggable;
}
这篇关于如何检查APK是否签名或“调试构建”?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
