我从网上下载了APK,想检查一下它的完整性和可信度。我使用过apksigner,但我不知道如何解释输出结果 - 它是否安全?官方网站不涉及此主题。
控制台输出:
$ ./apksigner verify -v -Werr --print-certs --min-sdk-version 28 ~/Downloads/com...apkmirror.com.apk
Verifies
Verified using v1 scheme (JAR signing): false
Verified using v2 scheme (APK Signature Scheme v2): false
Number of signers: 1
Signer #1 certificate DN: CN=gearhead, OU=Android, O=Google Inc., L=Mountain View, ST=California, C=US
Signer #1 certificate SHA-256 digest: fdb00c43dbde8b51cb312aa81d3b5fa17713adb94b28f598d77f8eb89daceedf
Signer #1 certificate SHA-1 digest: 9ca91f9e704d630ef67a23f52bf1577a92b9ca5d
Signer #1 certificate MD5 digest: eeb557fc154afc0d8eec621bdc7ea950
Signer #1 key algorithm: RSA
Signer #1 key size (bits): 2048
Signer #1 public key SHA-256 digest: 1b6110e69b38474bc06d6cba9578489b208b969f6ccf95206db9eac689063f2d
Signer #1 public key SHA-1 digest: 844d9df046e665c5630312da1a541be3e09e1afc
Signer #1 public key MD5 digest: 6f0062bb932de2a7303f506dd3412847