Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Android signing apk signature V2

I'm developing Android application using android studio version 2.2.2 and gradle version 2.2.2. I am trying to generate signed APK. I did the regular process for generating signed APK with Android Studio. After that, I did Zipalign process. generated APK works fine on below android 6. But in a case of Android N it shows me the following error while installing APK:

    Failed to install C:\Users\User\AppData\Roaming\Skype\My Skype Received Files\ap
p-dev3-release_zipalign.apk: Failure [INSTALL_PARSE_FAILED_NO_CERTIFICATES: Fail
ed to collect certificates from /data/app/vmdl25816781.tmp/base.apk: META-INF/CE
RT.SF indicates /data/app/vmdl25816781.tmp/base.apk is signed using APK Signatur
e Scheme v2, but no such signature was found. Signature stripped?]

As per document Android studio 2.2 it self-take care of sign in signature V1 and V2. Am I doing anything wrong? Need some help.

like image 397
nilkash Avatar asked Dec 30 '16 06:12

nilkash


People also ask

What is Android APK signature?

APK Signature Scheme v2 is a whole-file signature scheme that increases verification speed and strengthens integrity guarantees by detecting any changes to the protected parts of the APK.

How Android apps are signed?

Android apps are signed with a private key. To ensure that app updates are trustworthy, every private key has an associated public certificate that devices and services use to verify that the app update is from the same source. Devices only accept updates when its signature matches the installed app's signature.

What is APK Idsig?

This scheme produces a signature in an separate file ( apk-name . apk. idsig ). If true and the APK is not signed, then a v2 or v3 signature is generated based on the values of --min-sdk-version and --max-sdk-version .


1 Answers

Android Plugin for Gradle as well as Android Studio 2.2 and newer by default generate APKs which are signed with v1 (JAR signing) and v2 scheme (APK Signature Scheme v2). Any modification to the v2-signed APK invalidates its v2 signature, which Android Nougat (Android 7.0) and newer verify, and thus prevents installation of the APK on Android Nougat and newer.

Solutions:

  1. Don't run zipalign on the already signed APK -- Android Plugin for Gradle and Android Studio will generate already zip-aligned APKs for your release builds.

  2. If you need to run zipalign, do it before the APK is signed. See https://developer.android.com/studio/command-line/zipalign.html and https://developer.android.com/studio/publish/app-signing.html#signing-manually.

  3. Disable v2 signing in your build.gradle file. See https://developer.android.com/studio/releases/gradle-plugin.html, in particular, v2SigningEnabled.

like image 123
Alex Klyubin Avatar answered Oct 11 '22 17:10

Alex Klyubin