Android 9 supports APK key rotation, which gives apps the ability to change their signing key as part of an APK update. To make rotation practical, APKs must indicate levels of trust between the new and old signing key. To support key rotation, we updated the APK signature scheme from v2 to v3 to allow the new and old keys to be used. V3 adds information about the supported SDK versions and a proof-of-rotation struct to the APK signing block.
Verification
In Android 9 and higher, APKs can be verified according to the APK Signature Scheme v3, v2 scheme, or v1 scheme. Older platforms ignore v3 signatures and try to verify v2 signatures, then v1.
Figure 1. APK signature verification process
Implement APK Signature V3 to SaFi Moble App
add a line of code in
app/app_safi/android/app/build.gradle
Upgrade gradle version in
app/app_safi/android/build.gradle
3. check if our app is already implement APK Signature V3 by run command on terminal:
/Users/YOUR_USER/Library/Android/sdk/build-tools/30.0.2/apksigner verify --verbose app-release.apk
refference :
https://source.android.com/docs/security/features/apksigning/v3#verification
Attachments:
Screen Shot 2022-11-24 at 10.48.28.png (image/png)
Screen Shot 2022-11-21 at 14.41.45.png (image/png)