Given that I want to support all Android devices which are, say, Froyo or later, what's the most secure signing algorithm I can use? I do not need to place my APK in Android Market.
I know, for instance, that some phones support sha1withrsa but not sha256withrsa (Link).
Please refer to the android dev guide on signing.
The current default method is SHA1withRSA:
$ jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore my-release-key.keystore my_application.apk alias_name
while a few years ago the signing method recommended was MD5withRSA.
[...] what's the most secure signing algorithm I can use?
Are you concerned with some specific attack that makes you think that SHA1withRSA or SHA256withRSA would be more secure? I can't foresee any scenario.
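The answer's jarsigner command sets two independent things: -sigalg picks the algorithm for the PKCS#7 signature stored in META-INF/*.RSA, while -digestalg picks the hash written into META-INF/MANIFEST.MF and META-INF/*.SF (attributes such as SHA1-Digest-Manifest or SHA-256-Digest-Manifest). The script below is an added example, not code from the original question, answer or the Android tooling: it opens a JAR-signed (v1) APK, reports which manifest digest algorithm the .SF declares, and recomputes that digest over MANIFEST.MF to confirm the two still agree. It does not verify the PKCS#7 signature over the .SF, and the sample "APK" it builds is a constructed zip with placeholder classes.dex bytes, not a real app.

```python
import base64
import hashlib
import io
import zipfile

# Attribute names jarsigner writes into META-INF/*.SF, mapped to hashlib names.
SF_MANIFEST_DIGEST_ATTRS = {
    "MD5-Digest-Manifest": "md5",
    "SHA1-Digest-Manifest": "sha1",
    "SHA-256-Digest-Manifest": "sha256",
}


def parse_sf_main_section(sf_bytes):
    """Return the main-section attributes of a .SF file as a dict.
    The main section ends at the first blank line; per-entry sections follow."""
    text = sf_bytes.decode("utf-8").replace("\r\n", "\n")
    main = text.split("\n\n", 1)[0]
    # Manifest lines longer than 72 bytes are wrapped; continuation lines start with a space.
    lines = []
    for line in main.split("\n"):
        if line.startswith(" ") and lines:
            lines[-1] += line[1:]
        else:
            lines.append(line)
    attrs = {}
    for line in lines:
        if ":" in line:
            key, value = line.split(":", 1)
            attrs[key.strip()] = value.strip()
    return attrs


def check_apk_signature_digest(apk_bytes):
    """Inspect a JAR-signed (v1) APK.
    Returns (digest_algorithm, manifest_digest_matches) or raises ValueError."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        names = z.namelist()
        sf_names = [n for n in names if n.startswith("META-INF/") and n.upper().endswith(".SF")]
        if "META-INF/MANIFEST.MF" not in names or not sf_names:
            raise ValueError("not a JAR-signed APK: missing MANIFEST.MF or .SF")
        manifest = z.read("META-INF/MANIFEST.MF")
        attrs = parse_sf_main_section(z.read(sf_names[0]))
    for attr, algo in SF_MANIFEST_DIGEST_ATTRS.items():
        if attr in attrs:
            expected = base64.b64decode(attrs[attr])
            actual = hashlib.new(algo, manifest).digest()
            return algo, expected == actual
    raise ValueError("no recognised *-Digest-Manifest attribute in .SF")


def build_sample_apk(digest_attr, algo, tamper=False):
    """Constructed test data: a minimal zip carrying the MANIFEST.MF / CERT.SF pair
    jarsigner would emit for the given -digestalg. The .RSA block is omitted.
    With tamper=True the manifest is altered after the .SF digest was computed,
    which is what a post-signing modification of MANIFEST.MF looks like."""
    classes_dex = b"dex\n035\x00constructed-placeholder"  # not a real dex, just bytes to hash
    entry_attr = digest_attr.replace("-Manifest", "")  # e.g. "SHA-256-Digest"
    entry_digest = base64.b64encode(hashlib.new(algo, classes_dex).digest()).decode()
    manifest = (
        "Manifest-Version: 1.0\r\n"
        "Created-By: 1.7.0 (Oracle Corporation)\r\n"
        "\r\n"
        "Name: classes.dex\r\n"
        f"{entry_attr}: {entry_digest}\r\n"
        "\r\n"
    ).encode()
    manifest_digest = base64.b64encode(hashlib.new(algo, manifest).digest()).decode()
    sf = (
        "Signature-Version: 1.0\r\n"
        f"{digest_attr}: {manifest_digest}\r\n"
        "Created-By: 1.7.0 (Oracle Corporation)\r\n"
        "\r\n"
        "Name: classes.dex\r\n"
        f"{entry_attr}: {entry_digest}\r\n"
        "\r\n"
    ).encode()
    if tamper:
        manifest = manifest.replace(b"Name: classes.dex", b"Name: classes2.dex")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("META-INF/MANIFEST.MF", manifest)
        z.writestr("META-INF/CERT.SF", sf)
        z.writestr("classes.dex", classes_dex)
    return buf.getvalue()


if __name__ == "__main__":
    for attr, algo in (("SHA1-Digest-Manifest", "sha1"), ("SHA-256-Digest-Manifest", "sha256")):
        print(attr, check_apk_signature_digest(build_sample_apk(attr, algo)))
    print("tampered", check_apk_signature_digest(build_sample_apk("SHA-256-Digest-Manifest", "sha256", tamper=True)))
```

To run it against a real file, pass the bytes of the APK to check_apk_signature_digest; a SHA-256 result confirms the -digestalg SHA-256 choice took effect, and a False second element means MANIFEST.MF no longer matches what was signed.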