PackageInfoCompat

Added in 1.1.0

class PackageInfoCompat


Helper for accessing features in PackageInfo.

Summary

Public functions

java-static Long

Return versionCode and versionCodeMajor combined together as a single long value.

java-static (Mutable)List<Signature!>
getSignatures(packageManager: PackageManager, packageName: String)

Retrieve the Signature array for the given package.

java-static Boolean
hasSignatures(
    packageManager: PackageManager,
    packageName: String,
    certificatesAndType: @Size(min = 1) (Mutable)Map<ByteArray!, Int!>,
    matchExact: Boolean
)

Check if a package on device contains set of a certificates.

Public functions

getLongVersionCode

Added in 1.1.0
java-static fun getLongVersionCode(info: PackageInfo): Long

Return versionCode and versionCodeMajor combined together as a single long value. The versionCodeMajor is placed in the upper 32 bits on Android P or newer, otherwise these bits are all set to 0.

getSignatures

Added in 1.5.0
java-static fun getSignatures(packageManager: PackageManager, packageName: String): (Mutable)List<Signature!>

Retrieve the Signature array for the given package. This returns some of certificates, depending on whether the package in question is multi-signed or has signing history.

Security/identity verification should not be done with this method. This is only intended to return some array of certificates that correspond to a package.

If verification if required, either use hasSignatures or manually verify the set of certificates using GET_SIGNING_CERTIFICATES or GET_SIGNATURES.

Parameters
packageManager: PackageManager

The PackageManager instance to query against.

packageName: String

The package to query the {@param packageManager} for. Query by app UID is only supported by manually choosing a package name returned in getPackagesForUid.

Returns
(Mutable)List<Signature!>

an array of certificates the app is signed with

Throws
android.content.pm.PackageManager.NameNotFoundException

if the package cannot be found through the provided {@param packageManager}

hasSignatures

Added in 1.5.0
java-static fun hasSignatures(
    packageManager: PackageManager,
    packageName: String,
    certificatesAndType: @Size(min = 1) (Mutable)Map<ByteArray!, Int!>,
    matchExact: Boolean
): Boolean

Check if a package on device contains set of a certificates. Supported types are raw X509 or SHA-256 bytes.

Parameters
packageManager: PackageManager

The PackageManager instance to query against.

packageName: String

The package to query the {@param packageManager} for. Query by app UID is only supported by manually choosing a package name returned in getPackagesForUid.

certificatesAndType: @Size(min = 1) (Mutable)Map<ByteArray!, Int!>

The bytes of the certificate mapped to the type, either CERT_INPUT_RAW_X509 or CERT_INPUT_SHA256. A single or multiple certificates may be included.

matchExact: Boolean

Whether or not to check for presence of all signatures exactly. If false, then the check will succeed if the query contains a subset of the package certificates. Matching exactly is strongly recommended when running on devices below LOLLIPOP due to the fake ID vulnerability that allows a package to be modified to include an unverified signature.

Returns
Boolean

true if the package is considered signed by the given certificate set, or false otherwise

Throws
android.content.pm.PackageManager.NameNotFoundException

if the package cannot be found through the provided {@param packageManager}