Android Signature verification prevents re-packaging

There's a lot of information on the web, just one note.
Anti-compilation Dex modifies the signature information of the APK after repackaging the signature, so you can determine in your code whether the signature information
have been changed to quit the program if the signature is inconsistent to prevent the apk from being repackaged.

1 Verifying signatures in Java code

Get signature information with Packagemanager

  Public Static intGetsignature (Context context) {Packagemanager pm=Context.getpackagemanager ();    PackageInfo Pi; StringBuilder SB=NewStringBuilder (); Try{pi=Pm.getpackageinfo (Context.getpackagename (), packagemanager.get_signatures); signature[] Signatures=Pi.signatures;  for(Signature signature:signatures) {sb.append (signature.tocharsstring ()); }    } Catch(packagemanager.namenotfoundexception e) {e.printstacktrace (); }    returnsb.tostring (). Hashcode ();}

This pure character comparison is easy to crack, and it is not really useful to have a global search to kill or modify your signature verification logic directly in Smali.

2 signature verification on the native layer developed with the NDK
This kind of validation is a little bit safer, after all, fewer people can reverse C and C + +. Like me, now can not reverse the C's can do nothing.
But for the students can converse C, is also very easy to get rid of your verification logic, you can consider adding, after all, still a bit of use.
3 validation on the service side
Feel no bird to use, directly kill or modify your interface of the judgment logic on the line.

There are many advanced methods that can bypass signature verification directly and are still being researched.

Android Signature verification prevents re-packaging