core/androidx.core.content.pm/PackageInfoCompat/hasSignatures

hasSignatures

open fun hasSignatures(@NonNull packageManager: PackageManager, @NonNull packageName: String, @Size(min = 1) @NonNull certificatesAndType: Map<Array<Byte>, Integer>, matchExact: Boolean): Boolean(source)

Check if a package on device contains set of a certificates. Supported types are raw X509 or SHA-256 bytes.

Return

true if the package is considered signed by the given certificate set, or false otherwise

Parameters

packageManager

The PackageManager instance to query against.

packageName

The package to query the {@param packageManager} for. Query by app UID is only supported by manually choosing a package name returned in getPackagesForUid.

certificatesAndType

The bytes of the certificate mapped to the type, either CERT_INPUT_RAW_X509 or CERT_INPUT_SHA256. A single or multiple certificates may be included.

matchExact

Whether or not to check for presence of all signatures exactly. If false, then the check will succeed if the query contains a subset of the package certificates. Matching exactly is strongly recommended when running on devices below LOLLIPOP due to the fake ID vulnerability that allows a package to be modified to include an unverified signature.

Throws

PackageManager.NameNotFoundException

if the package cannot be found through the provided {@param packageManager}