On Tue, Aug 30, 2011 at 1:32 AM, rerureru <[email protected]> wrote: > > 1. If I find the specific text, "Android Debug", then .apk is signed > with the debug key.(correct or incorrect?)
More or less. The auto-generated debug certificate always has the same CN. If the CN of the certificate in the APK matches, you can be reasonably sure that it's a debug build. That said, nothing prevents people from using the same CN for their release signing certificates (I guess the Android Market would probably reject those APKs though). For more details about the debug keystore and certificate: http://developer.android.com/guide/publishing/app-signing.html#debugmode > > 2. If I uncompressed .apk and there is no CERT.RSA(*.RSA, I guess some > case the file name is differnt) then .apk is unsigned. (correct or > incorrect?) > > Again, more or less. If the jar is signed using DSA, the name would be CERT.DSA. Read up on jar signing, an APK is just a jar file with a funny name. If you wanted to check for signing programatically, you can use the JarFile and JarEntry classes. JarEntry has a list of certificates if the jar is signed. http://download.oracle.com/javase/6/docs/api/java/util/jar/JarFile.html -- You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
