ShaFingerprint: Get SHA1 Fingerprint Certificate of app

1. Introduction

Description: Using this extension you can get SHA1 Fingerprint Certificate of app which can be used to verify authenticity of app. If someone has re-compiled the app, the certificate will be different from the original.
Version: 1
Released: 2023-03-15T18:30:00Z

2. Blocks


3. Usages

Returns SHA1 Fingerprint Certificate of app


com.sunny.sha.aix (6.9 KB)

Hope it helps!


Could you show a usage example for this?

I get a different sha1sum when running the apk on linux?

Different than what you signed it with?

1 Like

If I build an apk with this extension in it, if i then run the app, click the button, which displays the extension's sha1sum in a label.

If I run a sha1sum on the apk on my computer (linux), I get a completely different sha1sum.

Strange, I am getting same SHA1 on Windows and android.

Screenshot (9)

Me too.
So what's the problem...why did you unlist the topic?

(Although it's not quite clear to me yet, where this extension could help us. :thinking:)

I thought to wait till Tim's response.

Someone told me that he wants to get SHA1 during runtime to verify whether user is having original or decompiled version. I forgot that apk can be signed again with the original certificate :sweat_smile:
So it maybe useful for him but surely not for others.

Yes, and that's exactly what I've been doing for more than 10 years (with all my Play Store apps).

1 Like

My bad. Otherwise it could have been a good method to differentiate hacked versions.

I still don't see any reason to unlist the topic, as it might be useful for some users if they can match their compiled / decompiled app's fingerprint to that in the Play Developer Console.

Of course, there are other ways to do this than through the app itself. But for some it may be easier this way.

1 Like

On Linux:

$ openssl dgst -sha1 testsha1.apk
SHA1(testsha1.apk)= 6d25842bda91e3ab829f6ad3e9612ec9c243e303

$ sha1sum -b testsha1.apk
6d25842bda91e3ab829f6ad3e9612ec9c243e303 *testsha1.apk

in the app:


Please try again with keytool.

keytool -printcert -file ANDROIDK.RSA

You can find ANDROIDK.RSA file in META-INF dir of apk.

OK, that works, but what a struggle to get the matching "SHA1" of an apk.

If you use @Juan_Antonio 's Terminal app, you can run a sha1sum on the apk file....

1 Like