有没有办法来确定生产和调试运行时一个Android应用程序是否签署？

Is there a way to determine whether an Android application is signed for production or debug at runtime?

推荐答案

是的，但没有100％可靠的。默认的（自动生成）证书具有DNCN = Android的调试，O =的Andr​​oid，C = US所描述的此处。如果检查DN，它默认的匹配，这是最有可能的调试证书。没有prevents人产生自己的调试证书或使用相同的一个用于生产和调试，虽然。

Yes, but no 100% reliable. The default (auto-generated) certificate has the DN 'CN=Android Debug,O=Android,C=US' as described here. If you check the DN and it matches the default, it is most probably the debug certificate. Nothing prevents people from generating their own debug certificate or using the same one for production and debugging though.

您可以使用 PackageManager 签名证书。是这样的：

You can get the signing certificate using PackageManager. Something like:

PackageManager pm = context.getPackageManager();
Signature sig = packageManager.getPackageInfo(getPackageName(), 
   PackageManager.GET_SIGNATURES).signatures[0];
CertificateFactory cf = CertificateFactory.getInstance("X.509");
X509Certificate cert = (X509Certificate) cf.generateCertificate(
    new ByteArrayInputStream(sig.toByteArray()));
String dn = cert.getIssuerDN().getName();