Android App Masquerading its Certificate Thumbprint / Fingerprints? How To Verify?

I have an APK that is signed by a company that I find highly unlikely to have actually signed the APK, verified by:

keytool -printcert -jarfile someAppName.apk

I suspect the app author is masquerading the APK as being signed by a company it has not been signed by.

How do I easily / best verify that? I see there's a few websites to verify fingerprints of websites, but what about mobile apps?

Touch here for the full post on Network Security Noblemen tumblr

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s