APP获取证书签名指纹

Android：

    public static String getSignatureSHA1(Context context) {
        String sign = null;
        try {
            // 通过包管理器获得指定包名包含签名的包信息
            @SuppressLint("PackageManagerGetSignatures")
            PackageInfo packageInfo = context.getPackageManager()
                    .getPackageInfo(context.getPackageName(), PackageManager.GET_SIGNATURES);
            // 通过返回的包信息获得签名数组
            Signature[] signatures = packageInfo.signatures;
            sign = getSHA1FromSignature(signatures[0].toByteArray());
        } catch (PackageManager.NameNotFoundException e) {
            e.printStackTrace();
        }

        return sign;
    }

 

iOS：

+ (NSString *)bundleSeedID {
    NSDictionary *query = [NSDictionary dictionaryWithObjectsAndKeys:
                           (__bridge id)kSecClassGenericPassword, (__bridge id)kSecClass,
                           @"bundleSeedID", (__bridge id)kSecAttrAccount,
                           @"", (__bridge id)kSecAttrService,
                           (id)kCFBooleanTrue, (__bridge id)kSecReturnAttributes,
                           nil];
    CFDictionaryRef result = nil;
    OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query, (CFTypeRef *)&result);
    if (status == errSecItemNotFound)
        status = SecItemAdd((__bridge CFDictionaryRef)query, (CFTypeRef *)&result);
    if (status != errSecSuccess)
        return nil;
    NSString *accessGroup = [(__bridge NSDictionary *)result objectForKey:(__bridge id)kSecAttrAccessGroup];
    NSArray *components = [accessGroup componentsSeparatedByString:@"."];
    NSString *bundleSeedID = [[components objectEnumerator] nextObject];
    CFRelease(result);
    return bundleSeedID;
}

 关于bundleSeedID，即App ID Prefixes，通俗点是 app id 前缀。可以作为证书的指纹使用，详细请看官方文档：

https://developer.apple.com/library/archive/technotes/tn2311/_index.html

 

服务器通过记录该客服端的值，能够知晓当前app用的是什么证书签名。一定程度上可以避免原始包被改后，使用其它签名运行，至于具体的策略还是要结合多种其它手段。（譬如 bundle id 或是包名的校验，包体加密混淆，防hook的一些策略等）