'Android Studio and apksigner won't sign app with v1 signature

I have an app with minSdkVersion = 24 but when I use Android Studio signing dialog, the apk never gets signed by v1 (the store I use enforces to include v1 signatures). I tried gradle options but it doesn't work. Also, I tried to use apksigner with options --v1-signing-enabled true and --max-sdk-version 23 to force v1 signing but it doesn't seem to work. apksigner verify also reports that the apk is not signed with v1.

Is there a way to force Android Studio or apksigner to always sign with v1 despite minSdkVersion >= 24?



Solution 1:[1]

At the risk of fulfilling the StackOverflow stereotype, can you explain why you want to absolutely sign with v1?

Since v2 signing is strictly more secure and faster than v1 signing, and since all Android versions 24+ support v2 signing, there is no reason to use v1 signing in this case, so Android Studio has an optimization not to use v1 signing in this case as it slows down the build for no good reason.

Moreover, since Android 11, v2 signing is required for an app to be installed, so unless you don't intend to support this (or any later) version, you will need v2 signing, and the v1 signature will thus always be ignored by the Android platform.

If you intend to use the v1 signature for your own security check, you probably shouldn't, but we would need to know what you're using it for to suggest an alternative.

Solution 2:[2]

I had the same issue, and it seems that apksigner verify is playing a trick on us.

If you run apksigner sign ... first and then use jarsigner -verify -certs your.apk (optionally with -verbose option), it should print jar verified.

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Pierre
Solution 2 Alex Girke