How to verify that app was signed by my certificate?

Question

How do I check if the signature of my app matches the signature of the certificate that I used to sign it?

This is how I should be able to get the certificates fingerpri

Answer 1

Use your code for collecting the fingerprint on the device in "test" mode -- meaning you have temporary code to emit that fingerprint to the log (or elsewhere). Be sure to test this using your production signing key, not the debug key!

Once you know from the device's perspective, you can remove the temporary code and elsewhere you can compare to what you've previously determined to be the key.

Be aware though that you're probably doing this to prevent someone from modifying your app and re-signing it with another key, but someone with the ability to do that also has the ability to modify your key checking. This is a problem that can be addressed with additional obfuscation but you'll need to come up with your own solution to minimize the chance of an attacker knowing what to look for.