Using PackageInfo.signatures to get public ke

by Yuliy Pisetsky » Fri, 16 Jul 2010 06:35:17 GMT


Sponsored Links
 Hi,

I was wondering if there's any more detail that can be extracted from
PackageInfo.signatures. For instance, can we extract the public key
that was used to sign the package? (and trust that the OS had already
verified that the APK was indeed signed with the corresponding private
key). What I'd want to do is to be able to have a list of trusted
partners that are allowed to call my app, with those partners all
having separate keys. I'd have a database of partners and their public
keys available somehow (embedded or on a web site), and would be able
to make security decisions based on who the caller is (while reducing
the risk of the user making an incorrect decision and granting an app
which shouldn't have that access the permission to call my app.

-Yuliy



Other Threads

1. TTS 1.9 not working in Emulator. Please help.

Last I tried (about a month ago), the TTS tutorial worked on the
emulator.

Have you tried looking at logcat to get a more detailed message about
the problem?

- Greg




-- 

2. Picking up a PhoneBook entry under Android 2.0 !!!

Thanks Jarkman for your perspectives on this.

2 additional questions;

- can the emulator simulate accessing a gmail account ? (as ways to avoid
dealing with the Accountmanager APIs)

- A more general and critical question; if apps start to have to behave
differently based on the Android OS version they run on, there are a lot of
implications;









> 

3. How to enable different css in WebView

4. ADC 2 Education Winners (top 20) With Links!

5. How can I enable the Google search by voice in Android phone (HTC dream)

6. K9 Mai

7. Clear difference between local and remote service?