I can get a Signature of some Android package on a device using PackageManager.getPackageInfo and accessing the signatures member of PackageInfo.
However, the documentation on Signature is very scarce:
Opaque, immutable representation of a signature associated with an application package.
I am looking for a way to figure out whether this package is authentic (signed by a company which should have signed it). And for this reason, I would like to get a certificate which was used to sign the app.
I don't like comparing signatures directly, because a new version of the other app may come out which is still authentic (signed with the same certificate) but which will have a different signature (per my understanding).
This signature is the closest I got, but it looks like a dead end. Any ideas?
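An added example, not part of the original question, of the verification being asked about: each Signature is decoded into an X.509 certificate and its SHA-256 fingerprint is compared against a pinned value. The package name is supplied by the caller and EXPECTED_SHA256 is a placeholder you would replace with the publisher's real certificate fingerprint.

```java
import android.content.Context;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.Signature;
import java.io.ByteArrayInputStream;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

public final class SignerCheck {
    // Placeholder (constructed): the SHA-256 fingerprint of the certificate the
    // publisher is expected to sign with, e.g. from `keytool -printcert -jarfile app.apk`.
    private static final String EXPECTED_SHA256 =
            "EXPECTED_FINGERPRINT_HEX_PLACEHOLDER";

    // Decode every Signature attached to the package into an X509Certificate.
    // A Signature's bytes are the DER-encoded signing certificate itself.
    public static X509Certificate[] signingCertificates(Context ctx, String pkg)
            throws Exception {
        PackageInfo info = ctx.getPackageManager()
                .getPackageInfo(pkg, PackageManager.GET_SIGNATURES);
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        X509Certificate[] certs = new X509Certificate[info.signatures.length];
        for (int i = 0; i < info.signatures.length; i++) {
            Signature sig = info.signatures[i];
            certs[i] = (X509Certificate) cf.generateCertificate(
                    new ByteArrayInputStream(sig.toByteArray()));
        }
        return certs;
    }

    // Fingerprint of the DER-encoded certificate as upper-case hex, no separators.
    public static String sha256Fingerprint(X509Certificate cert) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        StringBuilder sb = new StringBuilder();
        for (byte b : digest) sb.append(String.format("%02X", b));
        return sb.toString();
    }

    // Pin the certificate fingerprint, not the subject DN: anyone can self-sign
    // a certificate with the same DN, but not one with the same hash.
    public static boolean isSignedByExpected(Context ctx, String pkg) {
        try {
            X509Certificate[] certs = signingCertificates(ctx, pkg);
            if (certs.length != 1) return false; // unexpected multi-signer layout
            byte[] actual = sha256Fingerprint(certs[0]).getBytes("US-ASCII");
            byte[] expected = EXPECTED_SHA256.getBytes("US-ASCII");
            return MessageDigest.isEqual(expected, actual); // constant-time compare
        } catch (Exception e) {
            return false; // package missing or certificate unparsable: treat as untrusted
        }
    }
}
```

On API 28 and later, PackageManager.GET_SIGNING_CERTIFICATES and PackageInfo.signingInfo expose the same certificates with signing-key rotation taken into account; the decoding and pinning logic above applies unchanged to the Signature objects it returns.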