Retrieve Android certificate fingerprints

A certificate fingerprint is a cryptographic hash of the public information held within a certificate. As described in Google’s documentation, certificate fingerprints are public information designed to be used by third-parties for Android app verification. Adjust never requests private app signing keys.

Adjust uses certificate fingerprints for the following features:

Feature	Hashing algorithm	Example
SDK Signature	SHA-1	C4:BD:07:91:BC:09:F8:B6:15:CD:BC:A3:3F:BC:68:8B:C2:EF:4F:F5
Android App Links	SHA-256	55:FB:97:0F:46:0F:94:EC:07:EA:01:69:50:5A:20:3F:A0:91:60:A4:F1:33:58:EA:76:DC:54:9E:A7:6A:B9:1A

Check the table below for the best way to get certificate fingerprints based on your app’s distribution methods. When configuring the Adjust dashboard, be sure to add all certificate fingerprints that are applicable for your builds.

Hosting service	Recommended approach
Google Play	Google Play Console
Google Play test track	Google Play Console - Internal app sharing
Huawei AppGallery - App Signing Enabled	AppGallery Connect
• Huawei AppGallery - App Signing Disabled • Other store, or direct APK download • Local debug build	Keystore or APK

From Google Play Console

In Google Play Console, go to your app.
On the menu on the left side, select Test and release > select Setup > App signing.
If you’re using Play App Signing, the App signing key certificate section will be present. In this section, copy the SHA-1 certificate fingerprint and/or SHA-256 certificate fingerprint.
Under Upload key certificate, copy the SHA-1 certificate fingerprint and/or SHA-256 certificate fingerprint.

In Google Play Console, go to your app.
On the menu on the left side, select Test and release > select Testing > Internal app sharing.
Under Internal test certificate, copy the SHA-1 certificate fingerprint and/or SHA-256 certificate fingerprint.

From AppGallery Connect

If you use Huawei App Signing, follow the below instructions. If you don’t use Huawei App Signing, retrieve your certificate fingerprints from a keystore or from an APK.

SHA-1
SHA-256

In AppGallery Connect, select My Apps.
Select your app.
Under Services, go to App Signing.
Under App Signature Certificate and Upload Certificate, respectively, select Download Certificate.

Screenshot of the certificate page in Huawei AppGallery

If needed, install OpenSSL:
- macOS: brew install openssl
- Linux: Usually pre-installed or use your package manager
- Windows: Use Microsoft’s vcpkg package manager or Windows Subsystem for Linux (WSL)
Run the below openssl command on each certificate file <certificate.pem>:
Terminal window
```
1
openssl x509 -fingerprint -in <certificate.pem> -noout -SHA1
```

Retrieve each SHA1 from the output:

1
SHA1 Fingerprint=C4:BD:07:91:BC:09:F8:B6:15:CD:BC:A3:3F:BC:68:8B:C2:EF:4F:F5

From a keystore

To retrieve certificate fingerprints from your keystore, follow these steps:

Locate your keystore:
- Self-managed keystore: path to the folder containing your .jks file
- Android default debug keystore:
  - macOS/Linux: ~/.android/debug.keystore
  - Windows: %USERPROFILE%\.android\debug.keystore

Run the below keytool command, replacing the parameter values:

1
# For a self-managed keystore (replace with path to your .jks file):
2
keytool -list -v -keystore </path/to/keystore.jks> -alias <your_key_alias>
3

4
# For the Android default debug keystore:
5
keytool -list -v -keystore ~/.android/debug.keystore -alias androiddebugkey

When prompted for the password, do the following:
- For a self-managed keystore, enter the password you set during keystore generation.
- For the Android default debug keystore, enter android.

Retrieve the SHA1 and/or SHA256 values from the output:

1
[...]
2

3
SHA1: C4:BD:07:91:BC:09:F8:B6:15:CD:BC:A3:3F:BC:68:8B:C2:EF:4F:F5
4
SHA256: 55:FB:97:0F:46:0F:94:EC:07:EA:01:69:50:5A:20:3F:A0:91:60:A4:F1:33:58:EA:76:DC:54:9E:A7:6A:B9:1A
5

6
[...]

From an APK

To retrieve certificate fingerprints used to sign your APK, follow these steps:

If needed, install Android Studio to get the apksigner command.
- During Android Studio installation, ensure the Android SDK is installed (it’s included by default).
- The Android SDK build-tools will be installed in the below locations:
  - macOS/Linux: ~/Library/Android/sdk/build-tools/<version>/
  - Windows: %LOCALAPPDATA%\Android\Sdk\build-tools\<version>\
Run the below apksigner command, replacing the parameter value:
Terminal window
```
1
apksigner verify -v --print-certs <app.apk>
```

Retrieve the SHA-1 and/or SHA-256 values from the output. Apps may show a single signature:

1
[...]
2

3
Signer #1 certificate SHA-1 digest: c4bd0791bc09f8b615cdbca33fbc688bc2ef4ff5
4
Signer #1 certificate SHA-256 digest: 55fb970f460f94ec07ea0169505a203fa09160a4f13358ea76dc549ea76ab91a
5

6
[...]

Or multiple signatures:

1
[...]
2

3
Signer (minSdkVersion=24, maxSdkVersion=32) certificate SHA-1 digest: c4bd0791bc09f8b615cdbca33fbc688bc2ef4ff5
4
Signer (minSdkVersion=24, maxSdkVersion=32) certificate SHA-256 digest: 55fb970f460f94ec07ea0169505a203fa09160a4f13358ea76dc549ea76ab91a
5

6
[...]
7

8
Signer (minSdkVersion=33, maxSdkVersion=2147483647) certificate SHA-1 digest: 9a3237ad99a97e8ea72df4fb096f28d544d5b8
9
Signer (minSdkVersion=33, maxSdkVersion=2147483647) certificate SHA-256 digest: 92e961bf8b67043d1af6061b4a926f6a94e2bb78b46a096639e8e2c2fb7784b0
10

11
[...]

If multiple signatures are present, you’ll need to configure all of them in the Adjust dashboard.