how to recognize which .apk is signed with debug key

I'm working with开发者_开发技巧 Android application developers. We need to recognize which APK package(.apk) is unsigned application package or signed application package. Also we would like to distinguish which signed APK package is signed by private key or signed by debug key. I know we could find these with Jarsigner tool. But we can't figure out that way. We have to find out with actual APK package(.apk file) which is generated by developers.

Here we found some clue. When we uncompressed the signed APK package then we found a foler(META-INF) and three files(CERT.RSA, CERT, MANIFEST.MF). When we open the CERT.RSA file with text editor, I could find the text, "Android Debug" in .apk was signed with the debug key.

So here is our question,

1. If I find the specific text, "Android Debug", then .apk is signed with the debug key.(correct or incorrect?)

2. If I uncompressed .apk and there is no CERT.RSA(*.RSA, I guess some case the file name is differnt) then .apk is unsigned. (correct or incorrect?)

Thank you for reading my question. I'm looking forward to the answer.

---

Both those things are correct (in general; you could have a key named Android Debug which was not the SDK debug key, but you'd have to be trying to defeat your purpose)