I have a piece of code in my application that retrieves the application certificate at runtime and uses it as a key to encrypt some confidential information.
Is it possible for some attacker to get that certificate byte[] by decompiling my code or is that certificate only visible to my application?
Here is how I get the certificate:
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.Signature;

// inside an Activity (or anything else that is a Context)
PackageManager pm = this.getPackageManager();
String packageName = this.getPackageName();
int field = PackageManager.GET_SIGNATURES;
PackageInfo packageInfo;
try {
    packageInfo = pm.getPackageInfo(packageName, field);
} catch (PackageManager.NameNotFoundException e) {
    throw new IllegalStateException("own package not found", e); // cannot happen for our own package
}
Signature[] signatures = packageInfo.signatures;
// and here we have the DER encoded X.509 certificate
byte[] certificate = signatures[0].toByteArray();
The PackageInfo signature is the public key, not the private key. And this key is accessible to any app installed on your phone.
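To make the answer concrete, here is an added example (not code from the question or the answer) of a hypothetical second app on the same device reading the signing certificate of any other installed package. The class name `SigningCertReader` and the `targetPackage` argument are assumptions; the API calls are the standard Android `PackageManager` ones. It obtains exactly the same bytes the question's code derives its "key" from, so anything encrypted with a key derived from them is recoverable by whoever runs this.

```java
import android.content.Context;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.Signature;
import android.os.Build;
import android.util.Log;

import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

/**
 * Hypothetical "attacker" app that reads another package's signing certificate.
 * Added example; the class and method names are assumptions, not Android API.
 */
public final class SigningCertReader {
    private static final String TAG = "SigningCertReader";

    /**
     * Returns the DER-encoded X.509 signing certificate of targetPackage, or null.
     * Caveat: on Android 11 (API 30) and later the caller must list the target in
     * a <queries> element of its manifest (or hold QUERY_ALL_PACKAGES), otherwise
     * getPackageInfo throws NameNotFoundException because of package visibility.
     */
    public static byte[] readSigningCert(Context ctx, String targetPackage) {
        PackageManager pm = ctx.getPackageManager();
        try {
            Signature[] sigs;
            if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) {
                // API 28+: GET_SIGNATURES is deprecated, use the signingInfo path.
                PackageInfo pi = pm.getPackageInfo(targetPackage,
                        PackageManager.GET_SIGNING_CERTIFICATES);
                sigs = pi.signingInfo.getApkContentsSigners();
            } else {
                PackageInfo pi = pm.getPackageInfo(targetPackage,
                        PackageManager.GET_SIGNATURES);
                sigs = pi.signatures;
            }
            if (sigs == null || sigs.length == 0) {
                return null;
            }
            // Identical to what the target app gets from signatures[0].toByteArray().
            return sigs[0].toByteArray();
        } catch (PackageManager.NameNotFoundException e) {
            Log.w(TAG, "package not installed or not visible: " + targetPackage);
            return null;
        }
    }

    /** Colon-separated hex SHA-256 fingerprint of the DER certificate. */
    public static String sha256Hex(byte[] der) throws NoSuchAlgorithmException {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(der);
        StringBuilder sb = new StringBuilder(digest.length * 3);
        for (int i = 0; i < digest.length; i++) {
            if (i > 0) {
                sb.append(':');
            }
            sb.append(String.format("%02X", digest[i]));
        }
        return sb.toString();
    }

    /** Usage from any Activity of the reading app: dump the target's certificate. */
    public static void demo(Context ctx, String targetPackage) {
        byte[] der = readSigningCert(ctx, targetPackage);
        if (der == null) {
            Log.w(TAG, "no certificate for " + targetPackage);
            return;
        }
        try {
            Log.i(TAG, targetPackage + " cert SHA-256: " + sha256Hex(der));
        } catch (NoSuchAlgorithmException e) {
            throw new AssertionError("SHA-256 is mandatory on Android", e);
        }
    }
}
```

The certificate does not even require a device: it is stored in the APK itself (META-INF/*.RSA or the APK Signature Scheme block), so anyone with a copy of the APK can print it with `apksigner verify --print-certs app.apk` or `keytool -printcert -jarfile app.apk`. A value derived from the signing certificate can be used as a stable app identifier, but never as an encryption key.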