APK signature checker

Translate the description into English (United States) using Google Translate?Translate the description back to Japanese (Japan)




+signature permissionやsharedUserIdの影響範囲を確認出来ます。
signature permissionやsharedUserIdの情報はアプリインストール画面では確認出来ないので、どのアプリがどのアプリと連携しているのかが確認し辛かったりします。



[※ http://www.jssec.org/report/20121119_securecoding.html ]


Q. 複数の署名が行われたAPKのハッシュ値は?
A. タブ区切りテキストで出力されるハッシュ値は、1つ目の署名のものだけになります。2つ目以降の署名のハッシュ値情報は、詳細画面の表示/テキストでご確認ください。

Q.secroidでHIGHと判定されるんだけど… [ http://secroid.jp/d/d/a/0/com.casraq.android.apksignaturechecker.html ]
A.今後ともsecroidをご利用ください。でもって当アプリは「インストールされているアプリ一覧」を*外部ネットワーク等へ*は送信していません。アプリ内部と[共有]ボタンを押した共有先アプリにのみ情報が渡っています。具体的な動作はこちら→ [ http://d.hatena.ne.jp/popokann/20130123/1358945414 ] をご覧ください。

Q. SDカードに保存したAPKは解析出来る?
A. 対応していません。要望次第で実装しますが、出来れば権限READ_EXTERNAL_STORAGEを付けたくありません。近々別アプリでリリースしようと模索中です。期待しないでお待ち下さい。

Q. 処理が遅いです。何とかなりませんか?
A. 諦めて下さい。
From the installed application, it is an app that examine the signature information to the terminal.
You can be like without using keytool / jarsigner / openssl in PC remove the APK bother to check the signature information on the terminal app Android.
I work long tap or appropriately, or if you call up the menu.

+ + + + Useless

+ You can see the application of the same signature.
Also the name of a different app developer, you can check the actual app but signed with the same key.
Will be making a decision when I thought "...? Maybe the same two apps, the author actually." (This is a reference level, because there is a possibility to sign with another key)

+ You can see the extent of the impact of sharedUserId and signature permission.
sharedUserId information and signature permission can not be confirmed because the apps installed on the screen, which we or painful app whether you are linked and how to check app.
Decided that you need to make sure AndroidManifest utilization is real, in a simple "What a group using the same signature application B and application A is" app "D app and C is" Do What shareUserId same thing you can.

+ You can reference to the signature of the other apps.
If "I have tried to develop Android, I also do not know ... what do I enter to create keystore" such as, you can reference to the signature of the other apps.
You can reference to other apps such as good or people, to the full extent of the validity period is to how much.

+ Tab delimited text output function
When you select the menu [text], you will display a dialog box with the details of the data that is currently displayed in the tab-delimited text.
Do you want to copy to the clipboard selected as it is, I would be sent to the mailer and put in a text editor and click Sharing.
You might want to sit down and transferred to a PC to browse the information that you saved, and then loaded into the causes, such as Excel.
Since the process is very slow, I recommend that you work in when you have time, however.

+ You can verify the hash value of the signature.
You can verify the hash value of the MD5 · SHA1 · SHA256.
It might be useful when incorporating's JSSEC "Secure Coding Guide," such as those used in (※), check processing signature hash value of the calling application.
[※ http://www.jssec.org/report/20121119_securecoding.html]

+ Other
Look in the signature of the pre-application, you can develop a system on its own delusion.
I might enjoy the delusion "This app is not to trouble, here is the application of a development team is full of bugs ... any different?" I see.

Hash value of the signature of the multiple APK Q. has been performed?
Hash value is output in tab-delimited text A. is the only one of the first signature. Hash value of the signature information of the second and subsequent, please check / display text on the screen for more information.

I ... [http://secroid.jp/d/d/a/0/com.casraq.android.apksignaturechecker.html]'m being judged on Q.secroid HIGH
Please use the future secroid A.. * Etc. * External network is not sending to the "List of apps that are installed" I though this app. Information is shared across destination only app within the app and press the Share button. Specific operation, refer to → [http://d.hatena.ne.jp/popokann/20130123/1358945414] here.

APK saved Q. SD card can be analyzed?
Not supported A.. Although the implementation depending on demand, I do not want to give the authority READ_EXTERNAL_STORAGE if possible. Is exploring another attempt to release the app in the near future. Please wait without hope.

It is a slow process Q.. You Can not you do something?
Please give up A..
Read more
63 total

What's New

2013/01/23 version 0.1.2 バグ修正
2012/12/04 version 0.1.1 初版リリース
Read more

Additional Information

January 28, 2013
Current Version
Requires Android
1.6 and up
Content Rating
Offered By
popokan.n @ casraq.com
©2018 GoogleSite Terms of ServicePrivacyDevelopersArtistsAbout Google|Location: United StatesLanguage: English (United States)
By purchasing this item, you are transacting with Google Payments and agreeing to the Google Payments Terms of Service and Privacy Notice.