{"id":13832048,"url":"https://github.com/avast/apkverifier","last_synced_at":"2026-03-27T04:56:35.912Z","repository":{"id":27308057,"uuid":"113296796","full_name":"avast/apkverifier","owner":"avast","description":"APK Signature verification in Go. Supports scheme v1, v2 and v3 and passes Google apksig's testing suite.","archived":false,"fork":false,"pushed_at":"2025-03-07T09:46:19.000Z","size":749,"stargazers_count":83,"open_issues_count":2,"forks_count":26,"subscribers_count":29,"default_branch":"master","last_synced_at":"2025-03-30T09:05:11.491Z","etag":null,"topics":["android","apk","signature-verification"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"lgpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/avast.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-12-06T09:35:34.000Z","updated_at":"2025-03-07T09:46:23.000Z","dependencies_parsed_at":"2022-08-07T12:16:02.340Z","dependency_job_id":"f182af7b-167d-47df-b381-876faae9d03e","html_url":"https://github.com/avast/apkverifier","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/avast%2Fapkverifier","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/avast%2Fapkverifier/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/avast%2Fapkverifier/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/avast%2Fapkverifier/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/avast","download_url":"https://codeload.github.com/avast/apkverifier/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247464186,"owners_count":20942966,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["android","apk","signature-verification"],"created_at":"2024-08-04T10:01:49.351Z","updated_at":"2026-03-27T04:56:30.586Z","avatar_url":"https://github.com/avast.png","language":"Go","funding_links":[],"categories":["Go","Go (531)"],"sub_categories":[],"readme":"# apkverifier\n\n[![GoDoc](https://godoc.org/github.com/avast/apkverifier?status.svg)](https://godoc.org/github.com/avast/apkverifier)\n[![Build Status](https://travis-ci.org/avast/apkverifier.svg?branch=master)](https://travis-ci.org/avast/apkverifier)\n\nAPK signature verification, should support all algorithms and both scheme v1 and v2,\nincluding downgrade attack protection.\n\n**Works with Go 1.17 or higher.**\n\nDocumentation on [GoDoc](https://godoc.org/github.com/avast/apkverifier)\n\n    go get github.com/avast/apkverifier\n\n## Vendored stuff\nBecause Android can handle even broken x509 cerficates and ZIP files, apkverifier is using the ZipReader from apkparser\npackage and vendors `crypto/x509` in `internal/x509andr` and [github.com/fullsailor/pkcs7](https://github.com/fullsailor/pkcs7)\nin the `fullsailor/pkcs7` folder.\nThe last two have some changes to handle some not-entirely-according-to-spec certificates.\n\n## Example\n\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\t\"github.com/avast/apkverifier\"\n\t\"os\"\n)\n\nfunc main() {\n\tres, err := apkverifier.Verify(os.Args[1], nil)\n\tif err != nil {\n\t\tfmt.Fprintf(os.Stderr, \"Verification failed: %s\\n\", err.Error())\n\t}\n\n\tfmt.Printf(\"Verification scheme used: v%d\\n\", res.SigningSchemeId)\n\tcert, _ := apkverifier.PickBestApkCert(res.SignerCerts)\n\tif cert == nil {\n\t\tfmt.Printf(\"No certificate found.\\n\")\n\t} else {\n\t\tfmt.Println(cert)\n\t}\n}\n\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Favast%2Fapkverifier","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Favast%2Fapkverifier","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Favast%2Fapkverifier/lists"}