c# android xamarin.forms signature tampering

How to check apk signature at runtime xamarin.forms


Hello guys, I am trying to implement anti-tamper protection and verify the app signature in a Xamarin.Forms Android app. Currently I am using this code:

// Requires: using Android.Content.PM;
var context = Android.App.Application.Context;
Signature sigs = context.PackageManager.GetPackageInfo(context.PackageName, PackageInfoFlags.Signatures).Signatures[0];

DisplayAlert("sigs.ToString()", sigs.ToString(), "ok");   // android.content.pm.Signature@4f55acdf
DisplayAlert(" sigs.GetHashCode().ToString()", sigs.GetHashCode().ToString(), "ok");  // 1331014879

sigs.GetHashCode().ToString() returns 1331014879
sigs.ToString() returns android.content.pm.Signature@4f55acdf

But I think I may be doing it wrong. Is this the correct way to verify an Android app signature at runtime? If not, please provide me code and guidance. Thanks.


Solution

  • On API 28 or higher you should check for multipleSigners as well, as in this thread: How to use PackageInfo.GET_SIGNING_CERTIFICATES in API 28?

    Here is the Xamarin.Android code.

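    using System.Security.Cryptography;
    using System.Text;
    using Android.Content.PM;

    public string Sig_Hash()
    {
        var context = Android.App.Application.Context;

        foreach (Android.Content.PM.Signature signature in context.PackageManager.GetPackageInfo(context.PackageName, PackageInfoFlags.Signatures).Signatures)
        {
            using (SHA1Managed sha1 = new SHA1Managed())
            {
                // Hash the raw certificate bytes and hex-encode the digest.
                var hash = sha1.ComputeHash(signature.ToByteArray());
                var sb = new StringBuilder(hash.Length * 2);
                foreach (byte b in hash)
                {
                    sb.Append(b.ToString("X2"));
                }
                // Returns on the first iteration, so only the first signature is hashed.
                return sb.ToString();
            }
        }
        // No signatures were returned.
        return "";
    }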
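
The API 28+ check the answer mentions, combined with a comparison against a pinned digest, as an added example that is not part of the original question or answer. It hashes the certificate bytes (not `ToString()`/`GetHashCode()`, which only identify the object), uses SHA-256 instead of the answer's SHA-1, and assumes the release is signed with a single certificate; `SignatureCheck`, `ExpectedSha256` and the placeholder value are hypothetical names chosen for illustration.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using Android.App;
using Android.Content.PM;
using Android.OS;

public static class SignatureCheck
{
    // Placeholder (assumption): SHA-256 of your release signing certificate, hex encoded.
    const string ExpectedSha256 = "REPLACE_WITH_RELEASE_CERT_SHA256_HEX";

    // Returns the SHA-256 digest (uppercase hex) of each current signing certificate.
    public static string[] CurrentSignerDigests()
    {
        var ctx = Application.Context;
        Signature[] signers;

        if (Build.VERSION.SdkInt >= BuildVersionCodes.P)
        {
            // API 28+: SigningInfo replaces the deprecated Signatures field.
            var info = ctx.PackageManager
                .GetPackageInfo(ctx.PackageName, PackageInfoFlags.SigningCertificates)
                .SigningInfo;

            // Assumption: a single-signer release. More than one signer is treated as a mismatch.
            if (info == null || info.HasMultipleSigners)
                return new string[0];

            // Current signer only; past certificates from key rotation are not included.
            signers = info.GetApkContentsSigners();
        }
        else
        {
            signers = ctx.PackageManager
                .GetPackageInfo(ctx.PackageName, PackageInfoFlags.Signatures)
                .Signatures.ToArray();
        }

        using (var sha = SHA256.Create())
            return signers
                .Select(s => BitConverter.ToString(sha.ComputeHash(s.ToByteArray())).Replace("-", ""))
                .ToArray();
    }

    // True only when exactly one signer is present and its digest matches the pinned value.
    public static bool IsSignedByExpectedCert()
    {
        var digests = CurrentSignerDigests();
        return digests.Length == 1 &&
               string.Equals(digests[0], ExpectedSha256, StringComparison.OrdinalIgnoreCase);
    }
}
```

A check like this runs inside the app it protects, so a repackaged build can patch it out; treat it as one signal alongside server-side attestation rather than the only control.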