common.metadata_find_developer_signature() doesn't work w/o v1 signatures
Currently, all apps using signatures in metadata/
have a v1 signature. So this is not an issue yet.
I'm not sure if we can use androguard
to get the signatures from an extracted APKSigningBlock
(though I suppose implanting it into an empty APK with apksigcopier
might get it to work), but apksigtool
definitely can.