Hello all,
First, I know I should not do that, but that's the only way I found to
ensure the APK signature has not been tampered with and is not being
spoofed (that is, the signature returned by the normal API is the
original APK signature, but it no longer matches the real one)!
So the below code works fine from 2.1 up to 4.3 (tested OK), but fails
completely on KitKat. I know on KitKat it uses an extra parameter for user
ID, so I tried adding 0 or my app UID, but it does not work anymore!
Can anyone help please? Please don't waste space telling me I should not do
that, that's not the purpose of this post. I know I should not, but as long
as there is no actual APK protection on Android I'm left with no choice.
// Parcels for the raw Binder call; declared outside the try block so
// that the finally block can recycle them.
Parcel _data = Parcel.obtain();
Parcel _reply = Parcel.obtain();
PackageInfo _result = null;
try
{
    PackageManager pm = ctx.getPackageManager();
    // Reach the IPackageManager proxy held in the private field "mPM"
    Field f = pm.getClass().getDeclaredField("mPM");
    f.setAccessible(true);
    Object obj = f.get(pm);
    Method m = obj.getClass().getDeclaredMethod("asBinder");
    IBinder mRemote = (IBinder) m.invoke(obj);
    _data.writeInterfaceToken("android.content.pm.IPackageManager");
    _data.writeString(ctx.getPackageName());
    _data.writeInt(0x40); // 0x40 = PackageManager.GET_SIGNATURES
    if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.KITKAT)
    {
        _data.writeInt(ctx.getApplicationInfo().uid); // Also tried with 0, does not help
        if (BuildConfig.DEBUG) Log.v(at_data.TAG, "Calling transact for signature check with "
                + ctx.getPackageName() + ", " + 0x40 + ", " + ctx.getApplicationInfo().uid);
    }
    else
    {
        if (BuildConfig.DEBUG) Log.v(at_data.TAG, "Calling transact for signature check with "
                + ctx.getPackageName() + ", " + 0x40 + ", no UID");
    }
    // Hard-coded transaction code 1
    mRemote.transact(1, _data, _reply, 0);
    _reply.readException();
    if (0 != _reply.readInt())
    {
        _result = PackageInfo.CREATOR.createFromParcel(_reply);
    }
    else
    {
        // => It gets here on KitKat!!!!
        if (BuildConfig.DEBUG) Log.w(at_data.TAG, "Failed to retrieve app signature, result = 0");
    }
}
catch (Throwable e)
{
    if (BuildConfig.DEBUG) Log.w(at_data.TAG, "Failed to retrieve app signature", e);
}
finally
{
    _reply.recycle();
    _data.recycle();
}
--
You received this message because you are subscribed to the Google
Groups "Android Developers" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en