Skip to content

Enable explicit v1/v2/v3 APK signing schemes on the release config#21

Merged
MustafaNazeer merged 1 commit into
mainfrom
chore/release-signing-schemes
Jun 7, 2026
Merged

Enable explicit v1/v2/v3 APK signing schemes on the release config#21
MustafaNazeer merged 1 commit into
mainfrom
chore/release-signing-schemes

Conversation

@MustafaNazeer

Copy link
Copy Markdown
Owner

Summary

The release signingConfig previously relied on Android Gradle Plugin defaults, which produced a v2 only signature on directly installed APKs. This enables v1, v2, and v3 signing explicitly so the scheme set is deterministic across toolchain upgrades.

Detail

At minSdk 31, apksigner reports v3 as the governing scheme and verifies with exit 0. The App Bundle path is unaffected, since Google re signs delivered artifacts with its own key. This is a compatibility hardening change ahead of the first Play Console upload, not a functional gate.

Verification

  • :app:assembleRelease BUILD SUCCESSFUL
  • apksigner verify exits 0 on the signed APK
  • :app:bundleRelease BUILD SUCCESSFUL; jarsigner -verify reports jar verified

The release signingConfig relied on AGP defaults, which produced a
v2-only signature on directly installed APKs. Enable v1, v2, and v3
signing explicitly so the scheme set is deterministic across toolchain
upgrades. At minSdk 31 apksigner reports v3 as the governing scheme and
verifies with exit 0; the App Bundle path is unaffected since Google
re-signs delivered artifacts.

Update the signing runbook's expected apksigner output accordingly.
@MustafaNazeer MustafaNazeer merged commit f3c961e into main Jun 7, 2026
1 check passed
@MustafaNazeer MustafaNazeer deleted the chore/release-signing-schemes branch June 7, 2026 04:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant