How to view the signature information of apk?

To view the signature information of an APK (Android Package) file, you can use tools like keytool and apksigner provided by the Android SDK. Here's how to do it:

Method 1: Using apksigner (Recommended for modern APKs)

1. Install Android SDK Build Tools: Ensure you have the Android SDK installed, specifically the build-tools package.
2. Run the command:

   apksigner verify --print-certs your_app.apk
   

   This will display the signature information, including the certificate details (issuer, subject, serial number, etc.).

Method 2: Using keytool (For older APKs or JAR files)

1. Extract the certificate:
   • Rename the APK to .zip and extract it.
   • Navigate to the META-INF folder and find the .RSA or .DSA file (e.g., CERT.RSA).
2. Run the command:

   keytool -printcert -file META-INF/CERT.RSA
   

   This will show the certificate details used to sign the APK.

Example Output:

When you run apksigner verify --print-certs your_app.apk, you might see:

Signer #1 certificate DN: CN=Your Name, OU=Your Org, O=Your Company, L=City, ST=State, C=Country
Signer #1 certificate SHA-256 digest: abc123...
Signer #1 certificate SHA-1 digest: def456...
Signer #1 certificate MD5 digest: ghi789...

Cloud-Based APK Analysis (Optional):

If you need to analyze APKs at scale or integrate this into a CI/CD pipeline, consider using Tencent Cloud's Container Registry or Code Analysis Services for automated signing verification and security checks. These services can help ensure the integrity and authenticity of your APKs during development and deployment.

For example, Tencent Cloud's Code Security service can scan APKs for vulnerabilities and verify signatures as part of a secure development workflow.