Signature check

An attacker may attempt to reverse engineer your application to add extra code - either to make it easier for them to analyse, or to re-package and deploy to an app store as malware. Adding a signature check can make this more difficult.

safeToRun({ verifySignatureCheck("Abc") })

The simplest way to generate your signature is to run the report and read the result, for example:

Log.v("Signature", verifySignatureConfig("").canRun())

The function can take multiple strings, so you can provide a signature for debug, release, etc. builds.

When to use

Use this when you want to verify that your application has been correctly signed. It's not entirely tamper-proof, but it will make it harder for people to reverse engineer your application, and re-compile it with extra code added.

Often, attackers will use this to take a popular application (e.g. WhatsApp) and trick people into downloading it, thinking it is the real WhatsApp, when it actually executes extra, malicious code. Attackers also recompile your app in order to make it easier for them to debug it.
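
To show what a check like this compares, here is an added Kotlin example (not SafeToRun's own code) that reads the certificates the installed APK was signed with and matches them against an allow-list of expected values, one per build type. The function names and the lowercase hex SHA-256 encoding are assumptions for illustration; the format SafeToRun reports may differ.

```kotlin
import android.content.Context
import android.content.pm.PackageManager
import android.os.Build
import java.security.MessageDigest

// Added illustration, not the library's implementation.
// Assumption: a "signature" is the lowercase hex SHA-256 digest of a signing certificate.
fun signingCertDigests(context: Context): Set<String> {
    val pm = context.packageManager
    val signers = if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) {
        // apkContentsSigners lists only the certificates that signed this APK,
        // without older certificates from key rotation history.
        @Suppress("DEPRECATION")
        pm.getPackageInfo(context.packageName, PackageManager.GET_SIGNING_CERTIFICATES)
            .signingInfo?.apkContentsSigners
    } else {
        @Suppress("DEPRECATION")
        pm.getPackageInfo(context.packageName, PackageManager.GET_SIGNATURES).signatures
    }
    return signers.orEmpty().map { signer ->
        MessageDigest.getInstance("SHA-256")
            .digest(signer.toByteArray())
            .joinToString("") { "%02x".format(it) }
    }.toSet()
}

// Hypothetical helper: pass one expected digest per build type (debug, release, ...).
fun isSignedByExpectedKey(context: Context, vararg expected: String): Boolean {
    val allowed = expected.map { it.lowercase() }.toSet()
    val actual = signingCertDigests(context)
    // Fail closed: no readable signer, or any signer outside the allow-list, fails the check.
    return actual.isNotEmpty() && actual.all { it in allowed }
}
```

A re-packaged build has to be re-signed with a different key, so its digest no longer matches any entry in the allow-list. Because the comparison runs inside the app, someone who can modify the code can also patch it out, which is why the check raises the cost of tampering rather than preventing it.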
