Thursday, October 1, 2015


Today I wanted to install a newer version on top of existing version of my app. So as usual I did

    adb install -r app.apk

It threw


But why ? So I wanted to check whether certificate has really changed since the last version.  To do this, you need to unzip the apk file and check inside.

1. Unzip the apk file.
2. Goto META-INF folder
3. "CERT.RSA" file is used to verify the signature

So, Now you need to look at whats the signature looks like. To do that,

    keytool -printcert -file CERT.RSA

Will output something like

    Owner: CN=Android Debug, O=Android, C=US
    Issuer: CN=Android Debug, O=Android, C=US
    Serial number: xxx
    Valid from: Thu Aug 01 14:20:26 ICT 2013 until: Sat Jul 25 14:20:26 ICT 2043
    Certificate fingerprints:
             MD5:  xxxx
             SHA1: xxxx
             Signature algorithm name: SHA1withRSA
             Version: 3

And when I compare with the newer version

    "Signature algorithm name: SHA256withRSA"

It appear newer version of the android build tool (23) is using  SHA256withRSA and older version (17) was using SHA1withRSA

No comments:

Post a Comment