
Getting your app's signing certificate hash

talsec-app edited this page Feb 14, 2022 · 1 revision

Android requires that every APK is digitally signed with a certificate before it can be installed on a device or updated. The signing certificate hash of an application is the SHA-256 digest of the certificate the application is signed with; it uniquely identifies that certificate and is used to verify the origin of the application.

There are two common ways developers can sign an application: manually, or via Play App Signing. With manual signing the developer owns the keystore that is used to sign the application, and can use tools such as keytool or apksigner to print the certificate details, including the SHA-256 digest, directly from the APK.

Using keytool:

keytool -printcert -jarfile file.apk

Using apksigner:

apksigner verify --print-certs myApplication.apk

With Play App Signing, Google manages and protects your app's signing key for you and uses it to sign the applications it distributes. The SHA-256 fingerprint of that certificate can be found in the Google Play Console in the App Integrity section. Note that it is the app signing key certificate you need, not the upload key certificate: the upload key only signs the bundle you send to Google, while the app signing key is what ends up on users' devices, so the hash of a locally built, upload-signed or debug-signed APK will not match the Play-distributed build.

You will end up with a SHA-256 fingerprint like this example: 88:8c:7f:02:d6:2e:ed:3a:53:bb:9c:a6:6b:82:5c:0d:78:a8:e5:b6:b2:11:28:bc:f5:ac:67:c8:e0:a3:7c:5a

This hex string needs to be converted to Base64 form, for example using this tool https://base64.guru/converter/encode/hex, or locally with standard command-line tools. Either way, it is the 32 raw bytes of the digest that get Base64-encoded, not the ASCII hex text, so the correct result is always 44 characters long and ends in a single "=". Then just assign the result (iIx/AtYu7TpTu5yma4JcDXio5bayESi89axnyOCjfFo=) to your expectedSigningCertificateHashBase64.
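The following POSIX shell script is an added example (not part of this wiki or of the freeRASP tooling) that does the conversion locally: it takes a fingerprint as printed by keytool (colon-separated, upper- or lowercase) or by apksigner (plain hex), checks that it really is a 32-byte SHA-256 digest, and Base64-encodes the raw bytes. It also shows how to pick the SHA-256 line out of the output of the two commands above; the sample tool output embedded at the bottom is constructed for the demonstration and the SHA-1 value in it is a placeholder. Function names are the example's own. It only depends on `sed`, `tr` and `base64` (falling back to `openssl base64`), not on `xxd` or `perl`.

```shell
#!/bin/sh
# Convert an Android signing-certificate SHA-256 fingerprint into the Base64
# form expected by expectedSigningCertificateHashBase64.
# Added example, not the project's own code.
set -eu

# Strip colons/whitespace, lowercase, and insist on exactly 64 hex digits.
# A 40-digit value is the SHA-1 fingerprint, which is the wrong one to use.
normalize_fingerprint() {
    hex=$(printf '%s' "$1" | tr -d ': \t\r\n' | tr 'A-F' 'a-f')
    case "$hex" in
        ''|*[!0-9a-f]*) echo "not a hex fingerprint: $1" >&2; return 1 ;;
    esac
    if [ "${#hex}" -ne 64 ]; then
        echo "expected 64 hex digits (SHA-256), got ${#hex}" >&2
        return 1
    fi
    printf '%s' "$hex"
}

# Emit the raw bytes of a hex string using only POSIX printf octal escapes,
# so no xxd/perl is needed. Each pair of hex digits becomes one byte.
hex_to_bytes() {
    hex=$1
    while [ -n "$hex" ]; do
        byte=${hex%"${hex#??}"}          # first two hex digits
        hex=${hex#??}                    # drop them
        printf "\\$(printf '%03o' "$((0x$byte))")"
    done
}

# Base64 the 32 raw bytes; output is always 44 chars ending in one "=".
fingerprint_to_base64() {
    hex=$(normalize_fingerprint "$1") || return 1
    if command -v base64 >/dev/null 2>&1; then
        hex_to_bytes "$hex" | base64 | tr -d '\n'
    else
        hex_to_bytes "$hex" | openssl base64 -A
    fi
}

# Extract the SHA-256 value from tool output on stdin. Handles both
#   keytool -printcert -jarfile app.apk    -> "SHA256: 88:8C:7F:..."
#   apksigner verify --print-certs app.apk -> "Signer #1 certificate SHA-256 digest: 888c7f..."
# Only the first signer's line is used.
digest_from_tool_output() {
    sed -n -e 's/^[[:space:]]*SHA256:[[:space:]]*//p' \
           -e 's/^Signer #1 certificate SHA-256 digest:[[:space:]]*//p' | head -n 1
}

# Convenience: tool output on stdin -> Base64 hash on stdout.
base64_from_tool_output() {
    digest=$(digest_from_tool_output)
    [ -n "$digest" ] || { echo "no SHA-256 line found in input" >&2; return 1; }
    fingerprint_to_base64 "$digest"
}

# Constructed sample of apksigner output (the SHA-1 line is a placeholder).
SAMPLE_APKSIGNER_OUTPUT='Signer #1 certificate DN: CN=Example
Signer #1 certificate SHA-256 digest: 888c7f02d62eed3a53bb9ca66b825c0d78a8e5b6b21128bcf5ac67c8e0a37c5a
Signer #1 certificate SHA-1 digest: 0000000000000000000000000000000000000000'

# Usage: sh sighash.sh app.apk   (runs apksigner on the APK), otherwise
# the constructed sample above is converted.
if [ "$#" -gt 0 ]; then
    apksigner verify --print-certs "$1" | base64_from_tool_output
else
    printf '%s\n' "$SAMPLE_APKSIGNER_OUTPUT" | base64_from_tool_output
    echo
fi
```

Pipe the real tool output through it instead of retyping the fingerprint: `keytool -printcert -jarfile app.apk | sh sighash.sh`-style use is simply `base64_from_tool_output` reading stdin. The length check matters because keytool also prints a SHA-1 fingerprint right above the SHA-256 one, and Base64-encoding the wrong line silently produces a 28-character value that will never match.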
