1.2 Check certificate

openssl pkcs7 -inform DER -in META-INF/*.RSA -noout -print_certs -text

or (optional)

jarsigner -verify -verbose -certs app_name.apk
  • jarsigner --> huge output (each file gets validated)

  • cert location:

    • unzip app_name.apk --> META-INF/*.RSA

    • jadx app_name.apk --> resources/META-INF/*.RSA

  • custom CAs may be defined: res/xml/network_security_config.xml (or similar name)

    • also cert-pinning info available there (i.e. expiration)

THINGS TO REPORT

MORE DETAILS
