scottyab/SignatureCheck.java

## SignatureCheck.java
import android.content.Context;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.PackageManager.NameNotFoundException;
import android.content.pm.Signature;

public class TamperCheck {

//we store the hash of the signture for a little more protection
private static final String APP_SIGNATURE = "1038C0E34658923C4192E61B16846";

  /**
	 * Query the signature for this application to detect whether it matches the
	 * signature of the real developer. If it doesn't the app must have been
	 * resigned, which indicates it may been tampered with.
	 *
	 * @param context
	 * @return true if the app's signature matches the expected signature.
	 * @throws NameNotFoundException
	 */
	public boolean validateAppSignature(Context context) throws NameNotFoundException {

		PackageInfo packageInfo = context.getPackageManager().getPackageInfo(
				getPackageName(), PackageManager.GET_SIGNATURES);
    //note sample just checks the first signature
		for (Signature signature : packageInfo.signatures) {
			// SHA1 the signature
			String sha1 = getSHA1(signature.toByteArray());
			// check is matches hardcoded value
			return APP_SIGNATURE.equals(sha1);
		}

		return false;
	}

  //computed the sha1 hash of the signature
  public static String getSHA1(byte[] sig) {
  		MessageDigest digest = MessageDigest.getInstance("SHA1");
			digest.update(sig);
			byte[] hashtext = digest.digest();
			return bytesToHex(hashtext);
	}

  //util method to convert byte array to hex string
  public static String bytesToHex(byte[] bytes) {
  	final char[] hexArray = { '0', '1', '2', '3', '4', '5', '6', '7', '8',
				'9', 'A', 'B', 'C', 'D', 'E', 'F' };
		char[] hexChars = new char[bytes.length * 2];
		int v;
		for (int j = 0; j < bytes.length; j++) {
			v = bytes[j] & 0xFF;
			hexChars[j * 2] = hexArray[v >>> 4];
			hexChars[j * 2 + 1] = hexArray[v & 0x0F];
		}
		return new String(hexChars);
	}


}
	import android.content.Context;
	import android.content.pm.PackageInfo;
	import android.content.pm.PackageManager;
	import android.content.pm.PackageManager.NameNotFoundException;
	import android.content.pm.Signature;

	public class TamperCheck {

	//we store the hash of the signture for a little more protection
	private static final String APP_SIGNATURE = "1038C0E34658923C4192E61B16846";

	/**
	* Query the signature for this application to detect whether it matches the
	* signature of the real developer. If it doesn't the app must have been
	* resigned, which indicates it may been tampered with.
	*
	* @param context
	* @return true if the app's signature matches the expected signature.
	* @throws NameNotFoundException
	*/
	public boolean validateAppSignature(Context context) throws NameNotFoundException {

	PackageInfo packageInfo = context.getPackageManager().getPackageInfo(
	getPackageName(), PackageManager.GET_SIGNATURES);
	//note sample just checks the first signature
	for (Signature signature : packageInfo.signatures) {
	// SHA1 the signature
	String sha1 = getSHA1(signature.toByteArray());
	// check is matches hardcoded value
	return APP_SIGNATURE.equals(sha1);
	}

	return false;
	}

	//computed the sha1 hash of the signature
	public static String getSHA1(byte[] sig) {
	MessageDigest digest = MessageDigest.getInstance("SHA1");
	digest.update(sig);
	byte[] hashtext = digest.digest();
	return bytesToHex(hashtext);
	}

	//util method to convert byte array to hex string
	public static String bytesToHex(byte[] bytes) {
	final char[] hexArray = { '0', '1', '2', '3', '4', '5', '6', '7', '8',
	'9', 'A', 'B', 'C', 'D', 'E', 'F' };
	char[] hexChars = new char[bytes.length * 2];
	int v;
	for (int j = 0; j < bytes.length; j++) {
	v = bytes[j] & 0xFF;
	hexChars[j * 2] = hexArray[v >>> 4];
	hexChars[j * 2 + 1] = hexArray[v & 0x0F];
	}
	return new String(hexChars);
	}


	}