Android Question For what is SHA1 hash in manifest with google services

Sort by date Sort by votes
KMatle

KMatle

Expert
Licensed User
Longtime User
Private sign your app (Tools -> Private Sign Key). In the Listbox you'll see the SHA1 :) Just copy and paste it...
 
Upvote 0
A

Alessandra Pellegri

Active Member
Licensed User
Longtime User
But what prevents that someone takes the regular sign of my app, substitute it's own with mine and use my key ?
In other words:

upload_2016-8-21_17-47-18.png


What prevents App "C" from working ?
How could I protect me from this ?
 
Upvote 0
A

Alessandra Pellegri

Active Member
Licensed User
Longtime User
Ok, but the sign is a sequence of bytes. He can take this exact sequence and paste to its own app. It is not the right sign but how google can know this ? Is Android that checks if it is correct ?
 
Upvote 0
An Schi

An Schi

Well-Known Member
Licensed User
You have to use the identical signkey or google play won't allow you to upload the updated app.
 
Upvote 0
A

Alessandra Pellegri

Active Member
Licensed User
Longtime User
Ok, so if I correctly understand, SHA1 hash protect me from illegal redistributing of my APIKey but the robber can anyway use it for himself. Is it right ?
 
Upvote 0
You must log in or register to reply here.

Similar Threads

mohsen programmer
  • Question
Android Question Warning of deactivation of SHA1withDSA keystore in the near future
Replies
3
Views
3K
Erel
Erel
SMOOTSARA
  • Question
Android Question HMAC_SHA_1
Replies
2
Views
2K
DonManfred
DonManfred
Multiverse app
  • Question
Android Question SHA1 conflict GCP and Firebase
Replies
6
Views
4K
KMatle
KMatle
Erel
  • Locked
  • Article
B4A Library FirebaseAuth - Authenticate your users
4 5 6
Replies
110
Views
81K
Erel
Erel
B
  • Question
Android Question SHA1 one way(?) encryption
Replies
5
Views
4K
btg1967
B
Top