We have users with our Android App that have Android 5 and major and we know that there is a security patch to avoid in them the Janus vulnerability, allowing that old Android versions to accept the v2 sign of the .apk. Then, we are trying to build an .apk without the JAR v1 sign (enableV1Signing false) for Android 5 or major and the build works. But then apksigner say "DOES NOT VERIFY" and also when we try to upload the .apk to the Store it is rejected. So, does it possible to avoid the v1 sign for Android 5 or major? If not, how we can publish the app excluding the users with Android 5 and 6 who haven't the Janus security patch installed? Thanks in advance.
Does it possible to build and upload an apk file available for Android 5/6 without the JAR v1 sign?
519 Views Asked by Sebastian Diaz At
1
There are 1 best solutions below
Related Questions in ANDROID
- Creating global Class holder
- Flutter + Dart: Editing name of a tab shows up a black screen
- android-pdf-viewer Received status code 401 from server: Unauthorized
- Sdk 34 WRITE_EXTERNAL_STORAGE not working
- ussd reader in Recket Native module
- Incorrect display of LinearGradientBrush in IOS
- The Binary Version Of its metadata is 1.8.0, expected Version is 1.6.0 build error
- I can't make TextInput to auto expand properly in Android
- Creating multiple instances of a class with different initializing values in Flutter
- How to create a lottie animation
- making android analyze with coverity sast tool
- Flutter plugin development android src not opening after opening example
- I initialize my ViewModel in the Activity with several fragments as tabs, but the fragments(tabs) return null for the updated livedata
- Node.js Server + Socket.IO + Android Mobile Applicatoin XHR Polling Error...?
- How I can use the shared preferences class?
Related Questions in APK
- INSTALL_FAILED_DUPLICATE_PERMISSION: Package
- How to solve Execution failed for task ':generateReleaseBuildConfig'. error in a flutter project
- Does server-side content security policy exist for youtube video player API, app, mod apks and website?
- Widgets show in debug apk but are grey blocks in the release apk
- mergeDebugResources FAILED
- Can't decompile APK file properly
- How does Android handle APK apps data?
- Flutter built apk when opened in samsung phone is opening Samsung heath app
- Kivy/KivyMD convert to APK - different UI on PC and device with Android
- Android application with arguments via manifest
- Why am i getting black screen on kivy app
- In Android Studio, I am attempting to create a home page resembling the layout of Instagram's feed, where posts are displayed
- Flutter Google Play version not launching as opposed to APK with the same code
- Problem when executing the bubblewrap build command
- Touch Problem with slider on Android 12 compared to Android 8 in vuejs webapp in WebView
Related Questions in ANDROID-SIGNING
- Is there a way to upload an app bundle or apk to Google Play WITHOUT using Google Play Signing?
- android studio: "The security strength of SHA-1 digest algorithm is not sufficient for this key size"
- When App Signing Upgrade Taking effective?
- What's the different between Changing App Signin Key vs Upgrade App Signin Key
- Sign an apk with signature of another signed apk using apksigner
- How to Sign Android App to avoid App not installed from Play Store error?
- Android 12/13 Signing images fails with error in sign_target_files_apks due to missing file vendor.img when vendor binaries are added
- Generate signed bundle errors (Unresolved references) only in release mode
- After a key rotation do I still need the old key to sign the update of the app?
- Unable to generate signed build using Android Studio
- How to add AndroidDebugKey to the Google Cloud API Key Restriction
- Validating app's release signature key runtime for security reasons?
- Android custom permission vs app signature
- Does it possible to build and upload an apk file available for Android 5/6 without the JAR v1 sign?
- Azure AD B2C Signature Hash with Google Managed app Signing
Related Questions in APKSIGNER
- Signing apk works from Android Studio but why the same keystore do not work on command line?
- Android SHA256 signature algorythm with certificate having a SHA1 algorythm
- Fetching the certificate fingerprint if an apk is signed with only v2 Signing Scheme
- apksigner - Invalid keystore format
- How to print certificates of APK using apksigner
- How to reverse engineer an apk without changing its siging information
- Generate CERT.RSA for an APK without jarsigner / apksigner or any java tool
- Is it possible to add a new signature to an existing app?
- How to sign .apk with SHA256 algorithm
- Recompile apk using original certificate
- The apk rebuild by apktool can not be installed even after zipalign and sign
- Sign an apk using keytool
- "ZIP End of Central Directory record not found" error using Apksigner
- ApkSigner fails to sign APK after AGP update to 4.1.0
- Changing method of signing application on Android Studio
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
V2 signing was introduced in Android 7, so there is no way to escape v1 signing for users on Android 5 and 6.
In Google Play, you can upload multiple APKs in one release, so if you really wanted, you could upload one APK with
minSdkVersion=21with v1 and v2 signatures, and another one withminSdkVersion=24with v2 signature alone. You will need to make sure that the latter one (24) has a higher versionCode than the former (21) to ensure that they are served as you expect to your users.