PackageInfoCompat

Added in 1.1.0

public final class PackageInfoCompat


Helper for accessing features in PackageInfo.

Summary

Public methods

static long
getLongVersionCode(@NonNull PackageInfo info)

Return versionCode and versionCodeMajor combined together as a single long value.

static @NonNull List<Signature>
getSignatures(
    @NonNull PackageManager packageManager,
    @NonNull String packageName
)

Retrieve the Signature array for the given package.

static boolean
hasSignatures(
    @NonNull PackageManager packageManager,
    @NonNull String packageName,
    @Size(min = 1) @NonNull Map<byte[], Integer> certificatesAndType,
    boolean matchExact
)

Check if a package on device contains a set of certificates.

Public methods

getLongVersionCode

Added in 1.1.0
public static long getLongVersionCode(@NonNull PackageInfo info)

Return versionCode and versionCodeMajor combined together as a single long value. The versionCodeMajor is placed in the upper 32 bits on Android P or newer, otherwise these bits are all set to 0.

getSignatures

Added in 1.5.0
public static @NonNull List<Signature> getSignatures(
    @NonNull PackageManager packageManager,
    @NonNull String packageName
)

Retrieve the Signature array for the given package. This returns some of the certificates, depending on whether the package in question is multi-signed or has signing history.

Security/identity verification should not be done with this method. This is only intended to return some array of certificates that correspond to a package.

If verification is required, either use hasSignatures or manually verify the set of certificates using GET_SIGNING_CERTIFICATES or GET_SIGNATURES.

Parameters
@NonNull PackageManager packageManager

The PackageManager instance to query against.

@NonNull String packageName

The package to query the packageManager for. Query by app UID is only supported by manually choosing a package name returned in getPackagesForUid.

Returns
@NonNull List<Signature>

an array of certificates the app is signed with

Throws
android.content.pm.PackageManager.NameNotFoundException

if the package cannot be found through the provided packageManager

hasSignatures

Added in 1.5.0
public static boolean hasSignatures(
    @NonNull PackageManager packageManager,
    @NonNull String packageName,
    @Size(min = 1) @NonNull Map<byte[], Integer> certificatesAndType,
    boolean matchExact
)

Check if a package on device contains a set of certificates. Supported types are raw X509 or SHA-256 bytes.

Parameters
@NonNull PackageManager packageManager

The PackageManager instance to query against.

@NonNull String packageName

The package to query the packageManager for. Query by app UID is only supported by manually choosing a package name returned in getPackagesForUid.

@Size(min = 1) @NonNull Map<byte[], Integer> certificatesAndType

The bytes of the certificate mapped to the type, either CERT_INPUT_RAW_X509 or CERT_INPUT_SHA256. A single or multiple certificates may be included.

boolean matchExact

Whether or not to check for presence of all signatures exactly. If false, then the check will succeed if the query contains a subset of the package certificates. Matching exactly is strongly recommended when running on devices below LOLLIPOP due to the fake ID vulnerability that allows a package to be modified to include an unverified signature.

Returns
boolean

true if the package is considered signed by the given certificate set, or false otherwise

Throws
android.content.pm.PackageManager.NameNotFoundException

if the package cannot be found through the provided packageManager
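
One way to use hasSignatures for identity verification of a peer app by UID, with matchExact set to true as recommended above. This is an added example, not part of the original reference or the AndroidX code; the class PinnedSignerCheck, its methods and the pinnedSha256Hex parameter are hypothetical names, and the caller is assumed to supply the SHA-256 digest of the expected signing certificate as 64 hex characters.

```java
import android.content.pm.PackageManager;
import androidx.annotation.NonNull;
import androidx.core.content.pm.PackageInfoCompat;
import java.util.Collections;
import java.util.Map;

/** Added example (hypothetical helper): pins a peer app to one signing certificate. */
public final class PinnedSignerCheck {
    private PinnedSignerCheck() {}

    /** True only if every package sharing the UID is signed by exactly the pinned certificate. */
    public static boolean isTrustedUid(
            @NonNull PackageManager pm, int uid, @NonNull String pinnedSha256Hex) {
        // Query by UID goes through getPackagesForUid, as the parameter docs describe.
        String[] packages = pm.getPackagesForUid(uid);
        if (packages == null || packages.length == 0) {
            return false; // unknown UID: fail closed
        }
        Map<byte[], Integer> pinned = Collections.singletonMap(
                hexToBytes(pinnedSha256Hex), PackageManager.CERT_INPUT_SHA256);
        for (String pkg : packages) {
            try {
                // matchExact = true: a package carrying any certificate beyond the
                // pinned one is rejected rather than accepted on a subset match.
                if (!PackageInfoCompat.hasSignatures(pm, pkg, pinned, true)) {
                    return false;
                }
            } catch (PackageManager.NameNotFoundException e) {
                return false; // package disappeared between lookup and check
            }
        }
        return true;
    }

    /** Decodes a 64-character hex string into the 32 digest bytes; rejects anything else. */
    static byte[] hexToBytes(@NonNull String hex) {
        if (hex.length() != 64) {
            throw new IllegalArgumentException("expected a 32-byte SHA-256 digest in hex");
        }
        byte[] out = new byte[32];
        for (int i = 0; i < out.length; i++) {
            int hi = Character.digit(hex.charAt(2 * i), 16);
            int lo = Character.digit(hex.charAt(2 * i + 1), 16);
            if (hi < 0 || lo < 0) {
                throw new IllegalArgumentException("non-hex character in digest");
            }
            out[i] = (byte) ((hi << 4) | lo);
        }
        return out;
    }
}
```

A bound service would typically pass Binder.getCallingUid() as the uid argument before acting on a request.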