Ripping out v2 signatures makes the APK invalid on Android 7.0 and newer. This is because the v1 signature contains a special header X-Android-APK-Signed in its META-INF/*.SF files. When Android 7.0 or newer encounters…
The vuln affects all APKs on 5.0 <= Android < 7.0, and APKs not signed with APK Signature Scheme v2 on Android 7.0 and newer.
MD5 APK signatures are still supported by Android and are accepted by Google Play when you upload an APK there. See https://forum.f-droid.org/t/many-old-unmaintained-apps-have-... for more discussion about this in the…
Ripping out v2 signatures makes the APK invalid on Android 7.0 and newer. This is because the v1 signature contains a special header X-Android-APK-Signed in its META-INF/*.SF files. When Android 7.0 or newer encounters…
The vuln affects all APKs on 5.0 <= Android < 7.0, and APKs not signed with APK Signature Scheme v2 on Android 7.0 and newer.
MD5 APK signatures are still supported by Android and are accepted by Google Play when you upload an APK there. See https://forum.f-droid.org/t/many-old-unmaintained-apps-have-... for more discussion about this in the…