Home/ Questions/Q 8235841
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-07T18:57:07+00:00

As far as I know, in android release build is signed APK. How to

  • 0

As far as I know, in android “release build” is signed APK. How to check it from code or does Eclipse has some kinda of secret defines?

I need this to debug populating ListView items from web service data (no, logcat not an option).

My thoughts:

  • Application’s android:debuggable, but for some reason that doesn’t look reliable.
  • Hard-coding device ID isn’t good idea, because I am using same device for testing signed APKs.
  • Using manual flag somewhere in code? Plausible, but gonna definitely forget to change at some time, plus all programmers are lazy.
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    There are different way to check if the application is build using debug or release certificate, but the following way seems best to me.

    According to the info in Android documentation Signing Your Application, debug key contain following subject distinguished name: “CN=Android Debug,O=Android,C=US“. We can use this information to test if package is signed with debug key without hardcoding debug key signature into our code.

    Given:

    import android.content.pm.Signature;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

    You can implement an isDebuggable method this way:

    private static final X500Principal DEBUG_DN = new X500Principal("CN=Android Debug,O=Android,C=US");
private boolean isDebuggable(Context ctx)
{
    boolean debuggable = false;

    try
    {
        PackageInfo pinfo = ctx.getPackageManager().getPackageInfo(ctx.getPackageName(),PackageManager.GET_SIGNATURES);
        Signature signatures[] = pinfo.signatures;

        CertificateFactory cf = CertificateFactory.getInstance("X.509");

        for ( int i = 0; i < signatures.length;i++)
        {   
            ByteArrayInputStream stream = new ByteArrayInputStream(signatures[i].toByteArray());
            X509Certificate cert = (X509Certificate) cf.generateCertificate(stream);       
            debuggable = cert.getSubjectX500Principal().equals(DEBUG_DN);
            if (debuggable)
                break;
        }
    }
    catch (NameNotFoundException e)
    {
        //debuggable variable will remain false
    }
    catch (CertificateException e)
    {
        //debuggable variable will remain false
    }
    return debuggable;
}
    • 0