I want to check if an apk file is really from a specific developer and that the whole apk has no malware in it.

I unzipped the apk and in the sub-folder META/INF I used the following command in Ubuntu:

keytool -printcert -file RELEASE_.DSA

If I use this technique with a "clean.apk" and a "suspicious.apk" file from the same developer and the MD5 / SHA1 are the same ... does this mean that the "suspicious.apk" really is "clean"?

Does this work like GnuPG verifying a file? Or is this not reliable to check for integrity / authenticity of an apk file?

user3200534
  • I don't understand this concept of "clean" software; unless you've built it yourself, every software is suspect. – wbogacz Oct 11 '16 at 23:49
  • http://android.stackexchange.com/questions/9312/how-can-i-verify-the-authenticity-of-an-apk-file-i-downloaded/9328 – user3200534 Oct 12 '16 at 00:43

0 Answers
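An added example, not part of the original post: the certificate file under META-INF is just another zip entry, so two archives can carry byte-identical signature blocks while their contents differ. The Python sketch below builds two constructed in-memory archives laid out like a JAR-signed (v1) APK and checks each entry against the digests in MANIFEST.MF. The function names and sample data are assumptions made for illustration.

```python
import base64, hashlib, io, zipfile

def parse_manifest(text):
    """Return {entry name: (hashlib algorithm, base64 digest)} from MANIFEST.MF."""
    text = text.replace("\r\n", "\n").replace("\n ", "")  # unfold wrapped lines
    entries = {}
    for section in text.split("\n\n"):
        attrs = dict(l.split(": ", 1) for l in section.split("\n") if ": " in l)
        name = attrs.get("Name")
        for key, value in attrs.items():
            if name and key.endswith("-Digest"):  # e.g. SHA-256-Digest, SHA1-Digest
                algo = key[:-len("-Digest")].replace("-", "").lower()
                entries[name] = (algo, value)
    return entries

def check_apk(data):
    """Return (sha256 of the signature block files, entries failing the manifest)."""
    with zipfile.ZipFile(io.BytesIO(data)) as apk:
        names = apk.namelist()
        manifest = parse_manifest(apk.read("META-INF/MANIFEST.MF").decode("utf-8"))
        blocks = sorted(n for n in names if n.startswith("META-INF/")
                        and n.upper().endswith((".RSA", ".DSA", ".EC")))
        block_hash = hashlib.sha256(b"".join(apk.read(n) for n in blocks)).hexdigest()
        bad = [n for n in manifest if n not in names]  # listed but missing
        for name in names:
            if name.startswith("META-INF/") or name.endswith("/"):
                continue  # simplification: signature metadata is not checked here
            algo, expected = manifest.get(name, (None, None))
            if algo is None or base64.b64encode(
                    hashlib.new(algo, apk.read(name)).digest()).decode() != expected:
                bad.append(name)  # unlisted entry or digest mismatch
    return block_hash, sorted(bad)

def build_apk(dex, manifest_dex):
    """Constructed sample: a tiny zip laid out like a v1-signed APK."""
    digest = base64.b64encode(hashlib.sha256(manifest_dex).digest()).decode()
    manifest = ("Manifest-Version: 1.0\r\n\r\n"
                f"Name: classes.dex\r\nSHA-256-Digest: {digest}\r\n\r\n")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("META-INF/MANIFEST.MF", manifest)
        z.writestr("META-INF/RELEASE_.DSA", b"placeholder signature block")
        z.writestr("classes.dex", dex)
    return buf.getvalue()

CLEAN = build_apk(b"original code", b"original code")
SUSPICIOUS = build_apk(b"modified code", b"original code")  # same META-INF, new dex
```

This checks only the MANIFEST.MF digests; it does not validate the signature over them. `jarsigner -verify` and `apksigner verify` perform that full check.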