LogoLogo
HomeArticlesCommunity ProductsPremium ProductsGitHubTalsec Website
  • 👋Introduction
  • 🛠️Integration
    • 🤖Android
      • API
      • Troubleshooting
    • 🍎iOS
      • API
      • Troubleshooting
    • 🐦Flutter
      • FlutterFlow
      • API
      • Troubleshooting
    • ⚛️React Native
      • Expo
      • API
      • Troubleshooting
    • 👾Cordova
      • API
      • Troubleshooting
    • 🪽Capacitor
      • API
      • Troubleshooting
    • 🎮Unity
  • 🚀Features and Pricing Plans
    • The Key Differences: freeRASP vs. RASP+
  • 🎤What's New and Changelog
  • 📊Data Visualisation Portal
  • ℹ️Wiki
    • 🍪Getting Signing Certificate Hash
      • Google Play App Signing Method
      • Manual App Signing Method
      • Result: Convert the SHA-256 Hash to Base64 Format
    • Callback Delay, Telemetry Impact, and Threat Scanning Completion Status
    • Threat Detection
      • Detecting rooted or jailbroken devices
      • Emulator detection
      • Hook detection
      • App tampering detection
      • Debugger detection
      • Detecting unofficial installation
      • Device binding detection
      • Missing obfuscation detection [Android devices only]
      • Secure Hardware detection (Keystore/Keychain secure storage check)
      • Passcode
      • System VPN detection
      • Developer Mode detection [Android devices only]
      • ADB enabled detection [Android devices only]
      • Screen Capture
      • Multi-instance detection [Android devices only]
    • Source Code Obfuscation
    • isProd flag
  • ⚖️User Data Policies
  • 📄License
  • 🤝Fair Usage Policy (FUP)
  • 🦉FAQ
  • 🧑‍💻About Us
  • 🤝Contribution
Powered by GitBook
On this page
Export as PDF
  1. ℹ️Wiki

🍪Getting Signing Certificate Hash

This guide provides step-by-step instructions for getting the Base64-encoded signing certificate hash for your Talsec configuration.

Last updated 11 days ago

CtrlK
  • What is Signing Certificate Hash?
  • Choose Your Signing Method

What is Signing Certificate Hash?

All Android apps must be signed with a digital certificate before installation. The signing certificate SHA-256 hash in Base64 form - which we'll refer to as the hash for short, also known as a fingerprint -is the certificate's unique identifier, crucial for security and integrity. The Talsec SDK uses this hash for app tampering detection.

What the Signing Certificate Hash Guarantees?

The hash guarantees that:

  • The app's origin is verified, preventing malicious actors from distributing fake or modified versions.

  • Only the original developer can provide updates, ensuring a secure upgrade path.

  • Third-party services and APIs can authenticate the app before granting access.

Choose Your Signing Method

The first step is to determine which app signing method you're using.

If you're using Google Play App Signing, a very common practice for Android App Bundles (AAB) distribution, your upload key and distribution key are distinct. So, be sure to use the app signing certificate key from the Google Play Console. Proceed with the Google Play App Signing Method.

If you're managing your own signing key (Manual App Signing), you'll need to generate the hash yourself from your keystore, proceed with the Manual App Signing Method.

Continue with the method that matches your signing process ➡️