Hi All, Sorry if this has already been answered, but searching for this is returning piles of LVL-related posts.
We recently discovered that our app's apk is being unpacked, modified, then resigned and re-distributed without our approval. What's the proper way of checking for a modified apk signature? Currently I have something in place where I get the PackageInfo's signatures (e.g. getPackageManager().getPackageInfo) and feed them into X509Certificate which i use to check the issuer DN. This will at least tell me that the DN changed, but that's obviously easily to get around. What's the proper way to go about checking the package signature with a remote service? Or am I going about this all wrong? Perhaps checksums are the better way to go? Thank You, -Chad -- You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en