Android:
public static String getSignatureSHA1(Context context) { String sign = null; try { // 通過包管理器獲得指定包名包含簽名的包信息 @SuppressLint("PackageManagerGetSignatures") PackageInfo packageInfo = context.getPackageManager() .getPackageInfo(context.getPackageName(), PackageManager.GET_SIGNATURES); // 通過返回的包信息獲得簽名數組 Signature[] signatures = packageInfo.signatures; sign = getSHA1FromSignature(signatures[0].toByteArray()); } catch (PackageManager.NameNotFoundException e) { e.printStackTrace(); } return sign; }
iOS:
+ (NSString *)bundleSeedID { NSDictionary *query = [NSDictionary dictionaryWithObjectsAndKeys: (__bridge id)kSecClassGenericPassword, (__bridge id)kSecClass, @"bundleSeedID", (__bridge id)kSecAttrAccount, @"", (__bridge id)kSecAttrService, (id)kCFBooleanTrue, (__bridge id)kSecReturnAttributes, nil]; CFDictionaryRef result = nil; OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query, (CFTypeRef *)&result); if (status == errSecItemNotFound) status = SecItemAdd((__bridge CFDictionaryRef)query, (CFTypeRef *)&result); if (status != errSecSuccess) return nil; NSString *accessGroup = [(__bridge NSDictionary *)result objectForKey:(__bridge id)kSecAttrAccessGroup]; NSArray *components = [accessGroup componentsSeparatedByString:@"."]; NSString *bundleSeedID = [[components objectEnumerator] nextObject]; CFRelease(result); return bundleSeedID; }
關於bundleSeedID,即App ID Prefixes,通俗點是 app id 前綴。可以作為證書的指紋使用,詳細請看官方文檔:
https://developer.apple.com/library/archive/technotes/tn2311/_index.html
服務器通過記錄該客服端的值,能夠知曉當前app用的是什么證書簽名。一定程度上可以避免原始包被改后,使用其它簽名運行,至於具體的策略還是要結合多種其它手段。(譬如 bundle id 或是包名的校驗,包體加密混淆,防hook的一些策略等)