How do I verify that an Android apk is signed with a release certificate?

How can I check that an Android apk is signed with a release and n开发者_如何学JAVAot debug cert?

Use this command, (go to java < jdk < bin path in cmd prompt)

$ jarsigner -verify -verbose -certs my_application.apk

If you see "CN=Android Debug", this means the .apk was signed with the debug key generated by the Android SDK (means it is unsigned), otherwise you will find something for CN. For more details see: http://developer.android.com/guide/publishing/app-signing.html

Use console command:

apksigner verify --print-certs application-development-release.apk

You could find apksigner in ../sdk/build-tools/24.0.3/apksigner.bat. Only for build tools v. 24.0.3 and higher.

Also read google docs: https://developer.android.com/studio/command-line/apksigner.html

The easiest of all:

keytool -list -printcert -jarfile file.apk

This uses the Java built-in keytool app and does not require extraction or any build-tools installation.

Use this command : (Jarsigner is in your Java bin folder goto java->jdk->bin path in cmd prompt)

$ jarsigner -verify my_signed.apk

If the .apk is signed properly, Jarsigner prints "jar verified"

Run this command in Terminal - if you have Android Studio.

$ /Applications/Android\ Studio.app/Contents/jre/Contents/Home/bin/keytool -printcert -jarfile example.apk
Not a signed jar file

• 1. unzip apk
• 2. keytool -printcert -file ANDROID_.RSA or keytool -list -printcert -jarfile app.apk to obtain the hash md5
• keytool -list -v -keystore clave-release.jks
• compare the md5

https://www.eovao.com/en/a/signature%20apk%20android/3/how-to-verify-signature-of-.apk-android-archive

Using keytool or jarsigner may not work for you. You need to first understand how signing works. See here.

If your min API is lower than 24, v1 signing will be included in apk (inside META_INF). And because of that, these two tools will "poop out" your cert keys.

If using min API 24 or higher, v1 signing will be excluded (unless you enable it on your own in build.gradle). In this case keytool or jarsigner don't work. They will output Not a signed jar file or jar is unsigned. To verify v2+ signature, you should use apksigner instead.

keytool -printcert -jarfile base.apk