
Verify Android app signature with public key?


I'm creating an unlock app that will remove ads and unlock premium features in a few apps. My plan is to just call PackageManager and verify the unlock app is installed, and if it is, verify the signatures to ensure it's actually my application. I'm following this answer here: Detect if app was downloaded from Android Market

However, I guess I'm a little confused on what signature I'm verifying... It's my public key, correct? If so, how do I extract that from an existing app or keystore?


Solution

  • The easiest way is to use the same signing key for both apps and then check in your main app if the unlock app is installed and was signed with the same key using code like this:

        PackageManager manager = App.getContext().getPackageManager();
        // SIGNATURE_MATCH means both packages are installed and their signing certificates match
        boolean unlockAppInstalled = manager.checkSignatures("<main app package name>", "<unlock app package name>") == PackageManager.SIGNATURE_MATCH;
    

    unlockAppInstalled will only be true if the unlock app is installed and was signed with the same key.
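
An added example, not part of the original answer: the "signature" Android exposes is the signing certificate, which carries the public key the question asks about, so the main app can also compare the unlock app's certificate against a pinned SHA-256 digest. `UnlockVerifier`, `isUnlockAppTrusted` and the digest placeholder are hypothetical names chosen for this sketch.

```java
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.Signature;
import android.os.Build;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

/** Hypothetical helper for the main app; not from the original answer. */
public final class UnlockVerifier {
    // Placeholder: SHA-256 of your signing certificate, lowercase hex, no colons.
    // `keytool -list -v -keystore <your keystore>` prints it on the "SHA256:" line.
    private static final String EXPECTED_CERT_SHA256 = "<your certificate sha-256>";

    private UnlockVerifier() {}

    /** True only if unlockPackage is installed and signed by exactly the pinned certificate. */
    public static boolean isUnlockAppTrusted(PackageManager pm, String unlockPackage) {
        try {
            Signature[] signers;
            if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) {
                PackageInfo info = pm.getPackageInfo(
                        unlockPackage, PackageManager.GET_SIGNING_CERTIFICATES);
                // Reject multi-signer APKs; compare only the current signer.
                if (info.signingInfo == null || info.signingInfo.hasMultipleSigners()) {
                    return false;
                }
                signers = info.signingInfo.getApkContentsSigners();
            } else {
                // Deprecated flag, but the only option before API 28.
                signers = pm.getPackageInfo(unlockPackage, PackageManager.GET_SIGNATURES).signatures;
            }
            // Exactly one certificate must be present, and it must be the pinned one.
            if (signers == null || signers.length != 1) {
                return false;
            }
            return EXPECTED_CERT_SHA256.equals(sha256Hex(signers[0].toByteArray()));
        } catch (PackageManager.NameNotFoundException | NoSuchAlgorithmException e) {
            return false; // not installed, or digest unavailable: fail closed
        }
    }

    private static String sha256Hex(byte[] certDer) throws NoSuchAlgorithmException {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(certDer);
        StringBuilder hex = new StringBuilder(digest.length * 2);
        for (byte b : digest) {
            hex.append(String.format("%02x", b));
        }
        return hex.toString();
    }
}
```

On Android 11 and later the main app's manifest needs a `<queries>` entry naming the unlock package, otherwise the lookup reports it as not installed.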