APP獲取證書籤名指紋

Android：

    public static String getSignatureSHA1(Context context) {
        String sign = null;
        try {
            // 經過包管理器得到指定包名包含簽名的包信息
            @SuppressLint("PackageManagerGetSignatures")
            PackageInfo packageInfo = context.getPackageManager()
                    .getPackageInfo(context.getPackageName(), PackageManager.GET_SIGNATURES);
            // 經過返回的包信息得到簽名數組
            Signature[] signatures = packageInfo.signatures;
            sign = getSHA1FromSignature(signatures[0].toByteArray());
        } catch (PackageManager.NameNotFoundException e) {
            e.printStackTrace();
        }

        return sign;
    }

 

iOS：

+ (NSString *)bundleSeedID {
    NSDictionary *query = [NSDictionary dictionaryWithObjectsAndKeys:
                           (__bridge id)kSecClassGenericPassword, (__bridge id)kSecClass,
                           @"bundleSeedID", (__bridge id)kSecAttrAccount,
                           @"", (__bridge id)kSecAttrService,
                           (id)kCFBooleanTrue, (__bridge id)kSecReturnAttributes,
                           nil];
    CFDictionaryRef result = nil;
    OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query, (CFTypeRef *)&result);
    if (status == errSecItemNotFound)
        status = SecItemAdd((__bridge CFDictionaryRef)query, (CFTypeRef *)&result);
    if (status != errSecSuccess)
        return nil;
    NSString *accessGroup = [(__bridge NSDictionary *)result objectForKey:(__bridge id)kSecAttrAccessGroup];
    NSArray *components = [accessGroup componentsSeparatedByString:@"."];
    NSString *bundleSeedID = [[components objectEnumerator] nextObject];
    CFRelease(result);
    return bundleSeedID;
}

 關於bundleSeedID，即App ID Prefixes，通俗點是 app id 前綴。能夠做爲證書的指紋使用，詳細請看官方文檔：

https://developer.apple.com/library/archive/technotes/tn2311/_index.html

 

服務器經過記錄該客服端的值，可以知曉當前app用的是什麼證書籤名。必定程度上能夠避免原始包被改後，使用其它簽名運行，至於具體的策略仍是要結合多種其它手段。（譬如 bundle id 或是包名的校驗，包體加密混淆，防hook的一些策略等）