Can we find out who has developed the app by looking on the signature?

Question

Is it possible that the published app is not signed by its developer andd if yes, How can we find out who is the app developer?

score 1 · Accepted Answer · answered Jan 20 '20 at 01:34

1

Yes it's possible, you can check by unzipping the APK, finding the META-INF/CERT.RSA file which contains the developer's public key and using the command openssl pkcs7 -in /path/to/extracted/apk/META-INF/CERT.RSA -inform DER -print.

For more info have a look at the first section of this link: https://www.evilsocket.net/2017/04/27/Android-Applications-Reversing-101/.

answered Jan 20 '20 at 01:34

trishmapow

301
3
8

The way you describe only works for APKs that are signed with the old v1 signature scheme. For APKs that are only signed using v2 or v3 signature scheme you need apksigner tool for the Android SDK. See this answer how to to use apksigner to verify the issuer of an APK file. – Robert Jan 20 '20 at 08:31

Can we find out who has developed the app by looking on the signature?

1 Answers1