Does the following code (sign.hashCode()) gives me the hashCode of my signature or the hash of the object in the memory?
try {
PackageInfo packageInfo = getPackageManager().getPackageInfo(
"com.klxx.as", PackageManager.GET_SIGNATURES);
Signature[] signs = packageInfo.signatures;
Signature sign = signs[0];
Log.i("test", "hashCode : "+sign.hashCode());
} catch (Exception e) {
e.printStackTrace();
}
The documentation (here) only says the following which is like any other object.
a hash code value for this object.
But I have seen the above snippet in multiple websites claiming that it shows the sign of the apk. Also some other sources have used the bytes of signature to create the hash by themself.
Signature.hashCode() is overwritten and in this case is calculated on the content of the signature byte array.
You can see the source code to solve your doubts http://grepcode.com/file/repository.grepcode.com/java/ext/com.google.android/android/5.1.1_r1/android/content/pm/Signature.java#Signature.hashCode%28%29