In Kalipso you have a function Get App Certificate Fingerprint that allow you to verify if you application was tempered by any way to steal data. This function returns an HASH in SHA 256 that you can compare with the one generated in your certificate when you generated the APK. (See below how to get the HASH from your application certificate)
How to retrieve HASH from certificate in Windows:
First you need to have installed the JDK. After you have it installed you will have to open a command prompt.
After it you will need to navigate thru command line to the bin folder from you JDK installation. Example below, it may vary the version from the JDK and you will need to adjust accordingly.
I’ve generated an sample certificate and placed it at the root from the main disk drive (C:\) with the name Signature.sign
cd\ cd Program Files (x86)\Java\jdk1.8.0_171\bin keytool -list -v -keystore C:\Signature.sign -alias key -storepass 123456 -keypass 123456
keytool -list -v -keystore PATH WITH FILE -alias PRIVATE KEY NAME -storepass SIGNATURE FILE PASSWORD -keypass PRIVATE KEY PASSWORD
For the example above considering that the first password is 123456 and the second 654321 and the key name is key the syntax would be:
keytool -list -v -keystore C:\Signature.sign -alias key -storepass 123456 -keypass 654321