Comment on page
Guidance of changing signing key
- Due to the recent changes in Google's content app payment policy, there is an increasing number of cases where the package name or signing key needs to be changed.
- In order to prevent users from leaving the current apps and also ensure smooth and seamless updates, please refer to the guide below on how to make necessary modifications.
After obtaining the certificate fingerprint of the installed app, check that it is the same as the certificate fingerprint of the signing key that it will be compared to.
Example of how to verify the certificate SHA-256 digest of an installed app
val certs = runCatching {
if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) {
val signingInfo = packageManager.getPackageInfo(packageName, PackageManager.GET_SIGNING_CERTIFICATES).signingInfo
if (signingInfo.hasMultipleSigners()) {
signingInfo.apkContentsSigners
} else {
signingInfo.signingCertificateHistory
}
} else {
packageManager.getPackageInfo(packageName, PackageManager.GET_SIGNATURES).signatures
}
}.mapCatching {
it.map {
val encodedCert = CertificateFactory.getInstance("X509").generateCertificate(ByteArrayInputStream(it.toByteArray())).encoded
MessageDigest.getInstance("SHA-256").digest(encodedCert).toHexString()
}
}.recoverCatching {
// handle exceptions
throw it
}.getOrNull()
fun ByteArray.toHexString() = joinToString(separator = "") { "%02x".format(it) }
Please note:
- Android API reference
- To retrieve the information of other packages at API level 30 or higher, you must apply package visibillity.
- The fingerprint of the signing key certificate can be checked on Play Console when using Google Play App Signing, and can be extracted using keytool, apksigner, etc. if you signed it yourself.
When an app is installed, the name of the store or installer where the app was installed is saved. This can be found in Settings > Applications > Application Information.
ONE store App Source Information | Google Play App Source Information | Galaxy Store App Source Information |
 |  |  |
After obtaining the installer package name of the installed app, crosscheck with the package name on the store to check the app source information.
Package name for each store
- ONE store
- com.skt.skaf.A000Z00040
- com.kt.olleh.storefront
- com.kt.olleh.istore
- com.lguplus.appstore
- android.lgt.appstore
- Google Play
- com.android.vending
- Galaxy Store
- com.sec.android.app.samsungapps
Example of how to check the app source information for installed apps
val installer = runCatching {
if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.R) {
packageManager.getInstallSourceInfo(packageName).installingPackageName
} else {
packageManager.getInstallerPackageName(packageName)
}
}.getOrNull()
Please note:
- To retrieve the information of other packages at API level 30 or higher, you must apply package visibility filtering.
The DELETE_PACKAGES (or REQUEST_DELETE_PACKAGES) permission is required for an app to have its own delete function.
Because this is not a standard permission, users will be directed to the application information screen so that they can delete it directly.
How to navigate to the application information screen of apps to delete
startActivity(Intent(Settings.ACTION_APPLICATION_DETAILS_SETTINGS, Uri.parse("package:$packageName")).apply {
addFlags(Intent.FLAG_ACTIVITY_NEW_TASK)
})
Please note:
Example screen for request to delete a product (implemented in the app) | Application information screen |
 When touch the [Delete] button to go to the application information screen. |  |
Last modified 7mo ago