
Reading app signatures from getPackageInfo: The app signatures could be exploited if not validated properly

Posted by: admin, November 1, 2017

Questions:

I am checking and comparing the app signature in the splash screen to avoid hacking of the application as much as possible. I have implemented the code in the splash screen like below:

    Signature[] sigs = getPackageManager().getPackageInfo(getPackageName(), PackageManager.GET_SIGNATURES).signatures;
    if (!sigs[0].toCharsString().equals(constant.sign))
    {
        Toast.makeText(SplashScreensActivity.this, "Dont try to hack it", Toast.LENGTH_LONG).show();
        finish();
        return;
    }

But it's giving me a lint warning like this:

Reading app signatures from getPackageInfo: The app signatures could be exploited if not validated properly; see issue explanation for details.

How do I remove this warning and make my application as secure against hacking as possible?

Thanks

Answers:
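
The snippet in the question compares only `sigs[0]`, while the lint issue asks that every signature returned by `getPackageInfo` be validated. The following is an added example, not code from the original post: the class name `SignatureCheck` and the all-zero `EXPECTED_SHA256` placeholder are assumptions, and the placeholder must be replaced with the SHA-256 digest of your own release certificate.

```java
import android.content.Context;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.Signature;
import android.os.Build;
import java.security.MessageDigest;

public final class SignatureCheck {
    // Placeholder (constructed value): SHA-256 of the DER-encoded release certificate.
    private static final byte[] EXPECTED_SHA256 = new byte[32];

    private SignatureCheck() {}

    /** Returns true only if the package has signers and every one of them matches. */
    public static boolean isSignedByExpectedCert(Context ctx) {
        try {
            Signature[] signers = readSigners(ctx);
            if (signers == null || signers.length == 0) {
                return false; // fail closed: no signer information
            }
            MessageDigest md = MessageDigest.getInstance("SHA-256");
            for (Signature s : signers) {
                // Compare certificate digests rather than long hex strings.
                byte[] digest = md.digest(s.toByteArray());
                if (!MessageDigest.isEqual(digest, EXPECTED_SHA256)) {
                    return false; // one unexpected signer rejects the package
                }
            }
            return true;
        } catch (Exception e) {
            return false; // NameNotFoundException, NoSuchAlgorithmException: fail closed
        }
    }

    @SuppressWarnings("deprecation")
    private static Signature[] readSigners(Context ctx)
            throws PackageManager.NameNotFoundException {
        PackageManager pm = ctx.getPackageManager();
        String pkg = ctx.getPackageName();
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) {
            // API 28+: GET_SIGNATURES is deprecated in favour of signingInfo.
            PackageInfo pi = pm.getPackageInfo(pkg, PackageManager.GET_SIGNING_CERTIFICATES);
            return pi.signingInfo == null ? null : pi.signingInfo.getApkContentsSigners();
        }
        // Older releases: the legacy call, with all returned entries checked by the caller.
        return pm.getPackageInfo(pkg, PackageManager.GET_SIGNATURES).signatures;
    }
}
```

A check that runs inside the app is one layer only, since a repackaged APK can ship without it; pair it with server-side verification where the backend can enforce it.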