When I use the dumpsys debugging tool like
adb shell dumpsys package com.example.testapp.first
I get the result for the single package like this (Nexus 6P, 7.1.1):
Packages:
Package [com.example.testapp.first] (2036fd1):
userId=10225
pkg=Package{42e7a36 com.example.testapp.first}
codePath=/data/app/com.example.testapp.first-1
resourcePath=/data/app/com.example.testapp.first-1
legacyNativeLibraryDir=/data/app/com.example.testapp.first-1/lib
primaryCpuAbi=null
secondaryCpuAbi=null
versionCode=1 minSdk=21 targetSdk=24
versionName=1.0
splits=[base]
apkSigningVersion=1
applicationInfo=ApplicationInfo{29cb2a4 com.example.testapp.first}
flags=[ HAS_CODE ALLOW_CLEAR_USER_DATA ALLOW_BACKUP ]
privateFlags=[ RESIZEABLE_ACTIVITIES ]
dataDir=/data/user/0/com.example.testapp.first
supportsScreens=[small, medium, large, xlarge, resizeable, anyDensity]
timeStamp=2016-11-03 01:12:08
firstInstallTime=2016-11-03 01:12:09
lastUpdateTime=2016-11-03 01:12:09
signatures=PackageSignatures{9fe380d [53ea108d]}
installPermissionsFixed=true installStatus=1
pkgFlags=[ HAS_CODE ALLOW_CLEAR_USER_DATA ALLOW_BACKUP ]
User 0: ceDataInode=474317 installed=true hidden=false suspended=false stopped=true notLaunched=true enabled=0
runtime permissions:
In this log you can find several hashes (or at least the first x hex of the hashes) like:
Package [com.example.testapp.first] (2036fd1):
pkg=Package{42e7a36 com.example.testapp.first}
applicationInfo=ApplicationInfo{29cb2a4 com.example.testapp.first}
signatures=PackageSignatures{9fe380d [53ea108d]}
but I cannot find any reference as to how they are generated. The same app installed on 2 different devices do not match a single hash. I think my original question is: can I produce a checksum/hash with the apk that must match a hash presented in the dumpsys log? It seems that they do not match a md5sum or sha1sum of the apk.
