Google is committed to advancing racial equity for Black communities. See how.

PackageInfoCompat

public final class PackageInfoCompat
extends Object

java.lang.Object
   ↳ androidx.core.content.pm.PackageInfoCompat


Helper for accessing features in PackageInfo.

Summary

Public methods

static long getLongVersionCode(PackageInfo info)

Return R.attr.versionCode and R.attr.versionCodeMajor combined together as a single long value.

static List<Signature> getSignatures(PackageManager packageManager, String packageName)

Retrieve the Signature array for the given package.

static boolean hasSignatures(PackageManager packageManager, String packageName, Map<byte[], Integer> certificatesAndType, boolean matchExact)

Check if a package on device contains set of a certificates.

Inherited methods

Public methods

getLongVersionCode

public static long getLongVersionCode (PackageInfo info)

Return R.attr.versionCode and R.attr.versionCodeMajor combined together as a single long value. The versionCodeMajor is placed in the upper 32 bits on Android P or newer, otherwise these bits are all set to 0.

Parameters
info PackageInfo

Returns
long

getSignatures

public static List<Signature> getSignatures (PackageManager packageManager, 
                String packageName)

Retrieve the Signature array for the given package. This returns some of certificates, depending on whether the package in question is multi-signed or has signing history.

Security/identity verification should not be done with this method. This is only intended to return some array of certificates that correspond to a package.

If verification if required, either use hasSignatures(PackageManager, String, Map, boolean) or manually verify the set of certificates using PackageManager.GET_SIGNING_CERTIFICATES or PackageManager.GET_SIGNATURES.

Parameters
packageManager PackageManager: The PackageManager instance to query against.

packageName String: The package to query the for. Query by app UID is only supported by manually choosing a package name returned in PackageManager.getPackagesForUid(int).

Returns
List<Signature> an array of certificates the app is signed with

Throws
if the package cannot be found through the provided
PackageManager.NameNotFoundException

hasSignatures

public static boolean hasSignatures (PackageManager packageManager, 
                String packageName, 
                Map<byte[], Integer> certificatesAndType, 
                boolean matchExact)

Check if a package on device contains set of a certificates. Supported types are raw X509 or SHA-256 bytes.

Parameters
packageManager PackageManager: The PackageManager instance to query against.

packageName String: The package to query the for. Query by app UID is only supported by manually choosing a package name returned in PackageManager.getPackagesForUid(int).

certificatesAndType Map: The bytes of the certificate mapped to the type, either PackageManager.CERT_INPUT_RAW_X509 or PackageManager.CERT_INPUT_SHA256. A single or multiple certificates may be included.

matchExact boolean: Whether or not to check for presence of all signatures exactly. If false, then the check will succeed if the query contains a subset of the package certificates. Matching exactly is strongly recommended when running on devices below Build.VERSION_CODES.LOLLIPOP due to the fake ID vulnerability that allows a package to be modified to include an unverified signature.

Returns
boolean true if the package is considered signed by the given certificate set, or false otherwise

Throws
if the package cannot be found through the provided
PackageManager.NameNotFoundException