
Report app's signature as part of app context

Open marandaneto opened this issue 2 years ago • 0 comments

Description

This can be used to tell whether strange errors are thrown from reverse-engineered apps or from your own app. The signature can be sensitive, so maybe reporting it should be hidden behind a flag. If possible, the same should apply to Apple apps as well.

/**
 * Loads this app's own [PackageInfo] with signing data requested.
 *
 * On API 28 (P) and later the lookup asks for [PackageManager.GET_SIGNING_CERTIFICATES];
 * on older releases it falls back to [PackageManager.GET_SIGNATURES], which is why the
 * deprecation warning is suppressed.
 *
 * @return the [PackageInfo] returned by the package manager for [Context.getPackageName].
 */
@Suppress("DEPRECATION")
fun Context.getPackageInfoCompat(): PackageInfo {
    // Pick the signing flag first so there is a single package-manager call site.
    val signingFlag = when {
        VERSION.SDK_INT >= VERSION_CODES.P -> PackageManager.GET_SIGNING_CERTIFICATES
        else -> PackageManager.GET_SIGNATURES
    }
    return packageManager.getPackageInfo(packageName, signingFlag)
}

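/**
 * Returns the certificates that signed this app's APK contents.
 *
 * On API 28 (P) and later the value comes from `signingInfo.apkContentsSigners`;
 * on older releases from the deprecated `signatures` field.
 *
 * Both fields can be absent on a [PackageInfo], so a missing value is reported as an
 * empty array instead of surfacing as a NullPointerException at the call site.
 *
 * @return the signer certificates, or an empty array when the platform supplied none.
 */
@Suppress("DEPRECATION")
fun Context.getApkSignaturesCompat(): Array<Signature> {
    // Query the package manager once and read the field that matches the API level.
    val info = getPackageInfoCompat()
    val signers: Array<Signature>? = if (VERSION.SDK_INT >= VERSION_CODES.P) {
        info.signingInfo?.apkContentsSigners
    } else {
        info.signatures
    }
    return signers ?: emptyArray()
}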

/**
 * Renders [bytes] as upper-case, two-digit hex octets separated by colons
 * (for example `0A:FF`), the layout commonly used for certificate fingerprints.
 *
 * @param bytes the raw bytes to render; an empty array yields an empty string.
 * @return the colon-separated hex representation.
 */
fun bytesToHex(bytes: ByteArray): String =
    // Locale.ROOT keeps the digit formatting independent of the device locale.
    bytes.joinToString(separator = ":") { octet ->
        "%02x".format(Locale.ROOT, octet).uppercase()
    }

/**
 * Computes the SHA-256 fingerprint of the app's first signing certificate.
 *
 * Only the first entry returned by [getApkSignaturesCompat] is hashed; any additional
 * signers are ignored. Every failure (no signer, lookup error, missing digest
 * algorithm) is collapsed into `null`, so the caller cannot tell these cases apart.
 *
 * NOTE(review): the value is computed inside the app process, so a modified build
 * could report an arbitrary value. Treat it as a triage hint for telling your own
 * builds from others, not as an integrity guarantee.
 *
 * @param context the context whose package is inspected.
 * @return the fingerprint as colon-separated upper-case hex, or `null` if unavailable.
 */
fun getAppSignatureHash(context: Context): String? =
    try {
        context.getApkSignaturesCompat().firstOrNull()?.let { signer ->
            val sha256 = MessageDigest.getInstance("SHA-256")
            bytesToHex(sha256.digest(signer.toByteArray()))
        }
    } catch (ignored: Throwable) {
        // Best effort: mirrors runCatching { ... }.getOrNull(), which also traps Throwable.
        null
    }

//...
// Usage sketch: the fingerprint is null when it could not be determined.
// NOTE(review): the issue text calls this value potentially sensitive and suggests
// gating it behind a flag; the surrounding code is not shown, so confirm the call
// site is opt-in before attaching the value to the app context.
val signature = getAppSignatureHash(context)

marandaneto avatar Jul 06 '23 11:07 marandaneto