Modernize signatures of apksigner
We looked into the signature of com.governikus.ausweisapp2.apk and saw that it uses SHA1 in META-INF/MANIFEST.MF only. Also the signature scheme v2 is not enabled. The minimum api level for AusweisApp2 is 21 - so it should be no problem.
Please check your configuration of apksigner to allow modern signatures.
SHA1 / SHA256
META-INF/MANIFEST.MF
...
Name: lib/armeabi-v7a/libAusweisApp2.so
SHA1-Digest: Fmx7Tu2D3PnCI6dIY7HBjdprzF0=
...
Should be
...
Name: lib/armeabi-v7a/libAusweisApp2.so
SHA-256-Digest: VjnEvsdhpIJjLE7WbYWu6hOOu6B4j2p9FNDmUELnZAM=
...
Signature scheme v2
$ /opt/android-sdk/build-tools/28.0.3/apksigner verify --verbose com.governikus.ausweisapp2.apk
Verifies
Verified using v1 scheme (JAR signing): true
Verified using v2 scheme (APK Signature Scheme v2): false
Number of signers: 1