An APK file can be corrupted while it is transferred over a network. If the file is signed with a certificate (most Android applications are signed by the publisher), you can check the file's integrity from the command line before installing the application. The following methods check the certificate validity as well as validate the APK file contents.
keytool -list -printcert -jarfile app-sa.apk
(java/jre/bin/keytool)
Signer #1:
Signature:
Owner: CN=Somevalue, OU=Developers, O=Somevalue. Somevalue, L=Somevalue, ST=Somevalue, C=PL
Issuer: CN=Somevaluei, OU=Developers, O=Somevalue Somevalue, L=Somevalue, ST=Somevalue, C=PL
Serial number: Somevalue
Valid from: Thu Jul 17 11:25:00 CEST 2014 until: Mon Jul 11 11:25:00 CEST 2039
Certificate fingerprints:
MD5: 11:11:11:11:11:11:11:11:11:11:A3:D8:B5:11:11:11
SHA1: 11:11:11:11:11:11:11:11:11:0D:42:BC:2D:01:11:11:11:11:11:11
SHA256: 11:11:11:11:11:11:11:11:11:11:11:11:D4:7C:B7:1C:C8:14:8E:43:11:11:11:11:11:11:11:11:3E:11:11:11
Signature algorithm name: SHA256withRSA
Version: 3
Extensions:
#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 11 11 11 11 11 11 11 11 11 11 11 11 11 11 36 F3 ..]....%.B....6.
0010: 11 11 11 11 ....
]
]
jarsigner -verbose -verify -certs app-sa.apk
(java/jre/bin/jarsigner)
sm 162096 Thu Dec 11 16:39:46 CET 2014 resources.arsc
X.509, CN=Somevalue, OU=Developers, O=Somevalue Somevalue, L=Somevalue, ST=Somevalue, C=PL
[certificate is valid from 7/17/14 11:25 AM to 7/11/39 11:25 AM]
[CertPath not validated: Path does not chain with any of the trust anchors]
sm 4416396 Thu Dec 11 16:40:46 CET 2014 classes.dex
X.509, CN=Somevalue, OU=Developers, O=Somevalue Somevalue, L=Somevalue, ST=Somevalue, C=PL
[certificate is valid from 7/17/14 11:25 AM to 7/11/39 11:25 AM]
[CertPath not validated: Path does not chain with any of the trust anchors]
sm 621 Thu Dec 11 16:40:48 CET 2014 androidannotations-api.properties
X.509, CN=Somevalue, OU=Developers, O=Somevalue Somevalue, L=Somevalue, ST=Somevalue, C=PL
[certificate is valid from 7/17/14 11:25 AM to 7/11/39 11:25 AM]
[CertPath not validated: Path does not chain with any of the trust anchors]
s 32963 Thu Dec 11 16:40:50 CET 2014 META-INF/MANIFEST.MF
X.509, CN=Somevalue, OU=Developers, O=Somevalue Somevalue, L=Somevalue, ST=Somevalue, C=PL
[certificate is valid from 7/17/14 11:25 AM to 7/11/39 11:25 AM]
[CertPath not validated: Path does not chain with any of the trust anchors]
32984 Thu Dec 11 16:40:50 CET 2014 META-INF/CERT.SF
1495 Thu Dec 11 16:40:50 CET 2014 META-INF/CERT.RSA
s = signature was verified
m = entry is listed in manifest
k = at least one certificate was found in keystore
i = at least one certificate was found in identity scope
jar verified.
The latter of the two methods (jarsigner) also verifies the APK contents.
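The jarsigner output above reports "CertPath not validated", so "jar verified." only shows that the contents match the certificate embedded in the file. The following added example (not part of the original page) combines both commands and also compares the signer's SHA256 fingerprint with a value obtained from the publisher; the function names and the sample fingerprint are constructed for illustration, and the script assumes English tool messages.

```shell
#!/bin/sh
# Added example, not from the original page. Function names and the sample
# fingerprint are constructed for illustration.

# Normalize a fingerprint for comparison: drop colons/whitespace, uppercase hex.
normalize_fp() {
    printf '%s' "$1" | tr -d ': \t\r\n' | tr 'a-f' 'A-F'
}

# Read `keytool -list -printcert -jarfile` output on stdin and print the
# normalized SHA256 fingerprint of every signer, one per line.
signer_sha256() {
    sed -n 's/^[[:space:]]*SHA256:[[:space:]]*//p' | tr -d ': \t\r' | tr 'a-f' 'A-F'
}

# Succeed only if there is exactly one signer and it equals the pinned value.
# $1 = pinned fingerprint; keytool output is read from stdin.
fingerprint_matches() {
    want=$(normalize_fp "$1")
    got=$(signer_sha256)
    [ -n "$got" ] && [ "$got" = "$want" ]
}

# Read jarsigner output on stdin; succeed only on the "jar verified." line
# (assumes English tool messages).
jar_verified() {
    grep -q '^jar verified\.'
}

# $1 = APK path, $2 = fingerprint obtained from the publisher out of band.
verify_apk() {
    keytool -list -printcert -jarfile "$1" | fingerprint_matches "$2" ||
        { echo "signer does not match pinned fingerprint: $1" >&2; return 1; }
    jarsigner -verify "$1" | jar_verified ||
        { echo "content verification failed: $1" >&2; return 1; }
    echo "OK: $1"
}

# Constructed sample of the relevant keytool lines, for offline testing.
SAMPLE_KEYTOOL_OUTPUT='Signer #1:
Certificate fingerprints:
     SHA256: 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF'
SAMPLE_PIN='00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff'

# Usage: sh verify-apk.sh app-sa.apk <pinned SHA256 fingerprint>
if [ "$#" -eq 2 ]; then verify_apk "$1" "$2"; fi
```

A fingerprint can be passed with or without colons and in either case, because both sides are normalized before comparison.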