apksigner verify with no output

Question

Shouldn't I expect an "Ok" output whenever I run apksigner verify APK.apk on my apk and it finishes correctly?

I ran the command on an apk and it simply finished without throwing any warning or message.

I am suspicious that the apk is corrupt because adb install is taking forever.

Answer 1

By default apksigner does only output warnings and errors on console.

If the verification fails you will see the output DOES NOT VERIFY. And the process exit code will be 1 instead of 0 (on Windows this code is stored in %erorlevel% on Linux/Bash see $?).

If you want to see verification details execute

apksigner verify --verbose APK.apk

You will get a complete verification result and a separate output for each verification check like this:

Verifies
Verified using v1 scheme (JAR signing): true
Verified using v2 scheme (APK Signature Scheme v2): true
Verified using v3 scheme (APK Signature Scheme v3): false
Verified using v4 scheme (APK Signature Scheme v4): false
Verified for SourceStamp: false
Number of signers: 1

I recommend to additionally also output the signing certificate hashes:

apksigner verify --print-certs --verbose APK.apk

How to estimate the authenticity of the used signing certificate is e.g. included in this answer.