Supply APK file for verification

[matchboxbananasynergy]

The way AppVerifier currently works, an app has to first be installed before the app can find it and verify it.

Ideally, AppVerifier should be able to accept an APK file and allow the user to verify it before needing to install it.

[life00]

Might be useful to hook up an Installer prompt right away if verification is successful. If #5 is implemented it might be especially nice to first pass the APK through AppVerifier and if successful prompt to install (obviously its better to implement this at OS level, but 🤷).

[matchboxbananasynergy]

I wouldn't want AppVerifier to be responsbile for installing apps, personally.

[life00]

Could be an optional setting?

[soupslurpr]

I don't think it should install the app either.

[soupslurpr]

It seems https://android.googlesource.com/platform/tools/apksig/ should be able to be used for parsing the APK file to get the SHA-256 hash of the signing certificate.

com.android.tools.build:apksig

[soupslurpr]

Hmm but then what to use for getting the package name?

[soupslurpr]

Right, we can parse the manifest manually I think

[lberrymage]

It seems https://android.googlesource.com/platform/tools/apksig/ should be able to be used for parsing the APK file to get the SHA-256 hash of the signing certificate.

com.android.tools.build:apksig

apksig would work, but there's actually an OS API for this: https://developer.android.com/reference/android/content/pm/PackageManager#getPackageArchiveInfo(java.lang.String,%20android.content.pm.PackageManager.PackageInfoFlags).

[soupslurpr]

Hmm but that won't be able to be used with SAF since it accepts a path

[soupslurpr]

Oh wait never mind can just copy the file to cache directory temporarily.

Thanks!