Is there a way to determine whether an Android application is signed for production

Question

0

Editorial Team

Asked: May 27, 20262026-05-27T11:45:20+00:00 2026-05-27T11:45:20+00:00

Is there a way to determine whether an Android application is signed for production

0

Is there a way to determine whether an Android application is signed for production or debug at runtime?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-27T11:45:20+00:00

Yes, but no 100% reliable. The default (auto-generated) certificate has the DN ‘CN=Android Debug,O=Android,C=US’ as described here. If you check the DN and it matches the default, it is most probably the debug certificate. Nothing prevents people from generating their own debug certificate or using the same one for production and debugging though.

You can get the signing certificate using PackageManager. Something like:

PackageManager pm = context.getPackageManager();
Signature sig = pm.getPackageInfo(getPackageName(), 
   PackageManager.GET_SIGNATURES).signatures[0];
CertificateFactory cf = CertificateFactory.getInstance("X.509");
X509Certificate cert = (X509Certificate) cf.generateCertificate(
    new ByteArrayInputStream(sig.toByteArray()));
String dn = cert.getIssuerDN().getName();

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

Is there a way to determine whether an Android application is signed for production

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply