How to view the identity of person who signed the apk on Android device?

android certificate signature apk
Alexei Tymchenko picture Alexei Tymchenko · Dec 1, 2010 · Viewed 33.3k times · Source

I need to view who signed the application I have installed onto my device. Is this generally possible to do on the device or on PC?

Answer

Chris Stratton picture Chris Stratton · Dec 1, 2010

(assuming you can obtain access to the raw apk file - which you usually can, if you know or make an educated guess of its name and location, even though you can't list the contents of /data on a non-rooted phone)

You could open the apk as a zip file and filter the ascii text from the binary content of META-INF/CERT.RSA

Or using an actual tool,

jarsigner -verify -certs -verbose some_application.apk

Of course the only way to verify that the signer is who they claim to be is to get something else signed with the same key from that party via direct or verified means and compare the signing key fingerprints - that is how Android itself verifies that app upgrades and app ID sharing come from the same party as the existing APK they target.

Related questions

How to get APK signing signature?

Is there a way to retrieve the signature of the key used to sign an APK? I signed my APK with my key from my keystore. How can I retrieve it programmatically?

Read More
How to install trusted CA certificate on Android device?

I have created my own CA certificate and now I want to install it on my Android Froyo device (HTC Desire Z), so that the device trusts my certificate. Android stores CA certificates in its Java keystore in /system/etc/…

Read More
"Debug certificate expired" error in Eclipse Android plugins

I am using Eclipse Android plugins to build a project, but I am getting this error in the console window: [2010-02-03 10:31:14 - androidVNC]Error generating final archive: Debug certificate expired on 1/30/10 2:35 PM! How do I fix it?

Read More