status of apksigcopier testing
Binaries:
that fail
Apps using chromiumupdater.bamless.com.chromiumsweupdater | not RB | differences in classes.dex
info.guardianproject.checkey | not RB | differences in PNGs etc.
com.markuspage.android.certtools | not RB | differences in classes.dex & resources.arsc;
original does not verify
de.schildbach.oeffi | ??? | v1 OK | differences in extra fields
com.mishiranu.dashchan | ??? | v1 OK | v1 signature entries not at end
uk.co.keepawayfromfire.screens | ??? | v1 OK | v1 signature entries not at end
$ apksigner verify com.markuspage.android.certtools_6.apk
DOES NOT VERIFY
ERROR: JAR signer NETMACKA.DSA: JAR signature META-INF/NETMACKA.DSA uses digest algorithm SHA-256 and signature algorithm SHA-256 with DSA which is not supported on API Level(s) 3-20 for which this APK is being verified
$ jarsigner -verify com.markuspage.android.certtools_6.apk
jar verified.
Warning:
The DSA signing key has a keysize of 1024 which is considered a security risk. This key size will be disabled in a future update.
This jar contains signatures that do not include a timestamp. Without a timestamp, users may not be able to validate this jar after any of the signer certificates expire (as early as 2039-07-05).
Binaries:
that verify
Apps using androdns.android.leetdreams.ch.androdns
de.corona.tracing
eu.bubu1.fdroidclassic
nya.kitsunyan.foxydroid
org.briarproject.briar.android
org.jellyfin.mobile
rs.ltt.android
signatures
that verify
Apps using de.schildbach.wallet | only 409,411,415,418,422; 434 has differences in XML files
com.tachibana.downloader
org.schabi.newpipe
$ fdroid publish -v de.schildbach.wallet:434
ERROR: SHA-256 digest of res/layout/custom_dialog.xml does not match the digest specified in META-INF/MANIFEST.MF. Expected: <HO0uIgnBo7WhePMYweFac0JU3v850Xs/MhvquoZnD6Q=>, actual: <0cqSw8tdbdzfHpX+vE9TZV7BPgS46mWPF2a+9IHEP1s=>
ERROR: SHA-256 digest of res/layout/spinner_item.xml does not match the digest specified in META-INF/MANIFEST.MF. Expected: <HO0uIgnBo7WhePMYweFac0JU3v850Xs/MhvquoZnD6Q=>, actual: <tfvKxnm5NcGfifeEqZtN7r99YRXKR3msyyd9yf4yhLU=>
signatures
that haven't been tested yet (no unsigned build yet)
Apps using de.schildbach.wallet_test
Other apps
de.chagemann.regexcrossword:24 | original does not verify
$ apksigner verify -v de.chagemann.regexcrossword_24.apk
DOES NOT VERIFY
ERROR: Missing APK Signature Scheme v2 signature required for target sandbox version 2
All other verification failures are the result of differences in contents.
Totals
198 APKs failed
1019 APKs tested
Edited by FC (Fay) Stegerman