Is there a way to determine whether an Android application is signed for production or debug at runtime?

后端 未结 4 499
执念已碎
执念已碎 2021-02-06 15:33

Is there a way to determine whether an Android application is signed for production or debug at runtime?

相关标签:
4条回答
  • 2021-02-06 16:05
    private static Boolean isDebugBuild = null;
        protected boolean isDebugBuild() {
            if(isDebugBuild == null) {
                PackageManager pm = getPackageManager();
                try {
                    PackageInfo pi = pm.getPackageInfo(getPackageName(), 0);
                    isSignedWithDebugKey = (pi.applicationInfo.flags &
                        ApplicationInfo.FLAG_DEBUGGABLE) != 0;
                }
                catch(NameNotFoundException nnfe) {
                    nnfe.printStackTrace();
                    isDebugBuild = false;
                }
            }
    
            return isDebugBuild;
        }
    

    Since ADT 8, if you don't specifically add debuggable="true" to your manifest, debug builds will have it set to true, and exported / signed builds will have it set to false.

    It sounds like this is might be a more reliable method (as long as you don't manually set debuggable..) to determine if it is a debug vs release build, but not specifically if the certificate was a debug cert - which was your question, so my answer might not be relevant for you.

    0 讨论(0)
  • 2021-02-06 16:06

    Yes, but no 100% reliable. The default (auto-generated) certificate has the DN 'CN=Android Debug,O=Android,C=US' as described here. If you check the DN and it matches the default, it is most probably the debug certificate. Nothing prevents people from generating their own debug certificate or using the same one for production and debugging though.

    You can get the signing certificate using PackageManager. Something like:

    PackageManager pm = context.getPackageManager();
    Signature sig = pm.getPackageInfo(getPackageName(), 
       PackageManager.GET_SIGNATURES).signatures[0];
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    X509Certificate cert = (X509Certificate) cf.generateCertificate(
        new ByteArrayInputStream(sig.toByteArray()));
    String dn = cert.getIssuerDN().getName();
    
    0 讨论(0)
  • 2021-02-06 16:13

    The post android-automatically-choose-debug-release-maps-api-key Has another packagemanger based solution. Basicaly you compare to the hashCode of the actual signatuse. Working well for me for sorting out the maps key automaticaly

    0 讨论(0)
  • 2021-02-06 16:19

    We use a much simpler way:

    if (BuildConfig.DEBUG) {
        // we're in debug mode
    } else {
        // we're in production mode
    }
    
    0 讨论(0)
提交回复
热议问题