When I sign my .apk with 2 platform keys (2 pairs of .pem & .pk8 files for 2 different platforms) with apksigner, the app itself is not seen anymore as a system-app on either of the 2 platforms I signed it for.
But when I try to sign it using just one platform key (1 pair of .pem & .pk8 files for a single platform) with apksigner, the app is seen as a system-app on that respective platform I signed it for.
The command I'm using is
apksigner sign
--verbose --v1-signer-name PLATFORM1 --v3-signing-enabled false --v4-signing-enabled false --key platform1.pk8 --cert platform1.x509.pem
--next-signer
--verbose --v1-signer-name PLATFORM2 --v3-signing-enabled false --v4-signing-enabled false --key platform2.pk8 --cert platform2.x509.pem
platform1-and-platform2-signed.apk
Similarly, the commands I'm using when signing the .apk for each platform independently are:
apksigner sign
--verbose --v1-signer-name PLATFORM1 --v3-signing-enabled false --v4-signing-enabled false --key platform1.pk8 --cert platform1.x509.pem
platform1-signed.apk
&
apksigner sign
--verbose --v1-signer-name PLATFORM2 --v3-signing-enabled false --v4-signing-enabled false --key platform2.pk8 --cert platform2.x509.pem
platform2-signed.apk
I checked my doubled-signed .apk (platform1-and-platform2-signed.apk) against both keytool -printcert & apksigner verify --print-certs commands and they both output good information (AFAIK):
Signer #1:
Signature:
Owner: EMAILADDRESS=android@android.com, CN=Android, OU=Android, O=Android, L=Mountain View, ST=California, C=US
Issuer: EMAILADDRESS=android@android.com, CN=Android, OU=Android, O=Android, L=Mountain View, ST=California, C=US
Serial number: <first-serial-number>
Valid from: Wed Apr 16 01:40:50 EEST 2008 until: Sun Sep 02 01:40:50 EEST 2035
Certificate fingerprints:
SHA1: <first-sha1>
SHA256: <second-sha256>
Signature algorithm name: MD5withRSA (disabled)
Subject Public Key Algorithm: 2048-bit RSA key
Version: 3
Extensions:
#1: ObjectId: <ObjectId-prefix>.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
<first-KeyIdentifier>
]
[EMAILADDRESS=android@android.com, CN=Android, OU=Android, O=Android, L=Mountain View, ST=California, C=US]
SerialNumber: [ <apairof8hexadigits>]
]
#2: ObjectId: <ObjectId-prefix>.19 Criticality=false
BasicConstraints:[
CA:true
PathLen: no limit
]
#3: ObjectId: <ObjectId-prefix>.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
<first-KeyIdentifier>
]
]
Signer #2:
Signature:
Owner: EMAILADDRESS=android@android.com, CN=Android, OU=Android, O=Android, L=Mountain View, ST=California, C=US
Issuer: EMAILADDRESS=android@android.com, CN=Android, OU=Android, O=Android, L=Mountain View, ST=California, C=US
Serial number: <second-serial-number>
Valid from: Tue Dec 23 08:43:41 EET 2014 until: Sat May 10 09:43:41 EEST 2042
Certificate fingerprints:
SHA1: <second-sha1>
SHA256: <second-sha256>
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 3
Extensions:
#1: ObjectId: <ObjectId-prefix>.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
<second-KeyIdentifier>
]
]
#2: ObjectId: <ObjectId-prefix>.19 Criticality=false
BasicConstraints:[
CA:true
PathLen: no limit
]
#3: ObjectId: <ObjectId-prefix>.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
<second-KeyIdentifier>
]
]
Warning:
The certificate uses the MD5withRSA signature algorithm which is considered a security risk and is disabled.
&
Verifies
Verified using v1 scheme (JAR signing): true
Verified using v2 scheme (APK Signature Scheme v2): true
Verified using v3 scheme (APK Signature Scheme v3): false
Verified using v3.1 scheme (APK Signature Scheme v3.1): false
Verified using v4 scheme (APK Signature Scheme v4): false
Verified for SourceStamp: false
Number of signers: 2
Signer #1 certificate DN: EMAILADDRESS=android@android.com, CN=Android, OU=Android, O=Android, L=Mountain View, ST=California, C=US
Signer #1 certificate SHA-256 digest: <first-certificate-SHA-256-digest>
Signer #1 certificate SHA-1 digest: <first-certificate-SHA-1-digest>
Signer #1 certificate MD5 digest: <first-certificate-MD5-digest>
Signer #1 key algorithm: RSA
Signer #1 key size (bits): 2048
Signer #1 public key SHA-256 digest: <first-public-key-SHA-256-digest>
Signer #1 public key SHA-1 digest: <first-public-key-SHA-1-digest>
Signer #1 public key MD5 digest: <first-public-key-MD5-digest>
Signer #2 certificate DN: EMAILADDRESS=android@android.com, CN=Android, OU=Android, O=Android, L=Mountain View, ST=California, C=US
Signer #2 certificate SHA-256 digest: <second-certificate-SHA256-digest>
Signer #2 certificate SHA-1 digest: <second-certificate-SHA1-digest>
Signer #2 certificate MD5 digest: <second-certificate-MD5-digest>
Signer #2 key algorithm: RSA
Signer #2 key size (bits): 2048
Signer #2 public key SHA-256 digest: <second-public-key-SHA256-digest>
Signer #2 public key SHA-1 digest: <second-public-key-SHA1-digest>
Signer #2 public key MD5 digest: <second-public-key-MD5-digest>
WARNING: META-INF/INDEX.LIST not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/android.support.design_material.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.activity_activity.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.annotation_annotation-experimental.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.appcompat_appcompat-resources.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.appcompat_appcompat.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.arch.core_core-runtime.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.asynclayoutinflater_asynclayoutinflater.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.cardview_cardview.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.coordinatorlayout_coordinatorlayout.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.core_core-ktx.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.core_core.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.cursoradapter_cursoradapter.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.customview_customview.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.documentfile_documentfile.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.drawerlayout_drawerlayout.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.fragment_fragment.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.interpolator_interpolator.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.legacy_legacy-support-core-ui.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.legacy_legacy-support-core-utils.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.lifecycle_lifecycle-livedata-core.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.lifecycle_lifecycle-livedata.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.lifecycle_lifecycle-runtime.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.lifecycle_lifecycle-viewmodel.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.loader_loader.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.localbroadcastmanager_localbroadcastmanager.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.media_media.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.print_print.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.recyclerview_recyclerview.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.savedstate_savedstate.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.slidingpanelayout_slidingpanelayout.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.swiperefreshlayout_swiperefreshlayout.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.transition_transition.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.vectordrawable_vectordrawable-animated.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.vectordrawable_vectordrawable.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.versionedparcelable_versionedparcelable.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/androidx.viewpager_viewpager.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/com.google.android.material_material.version not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/services/com.fasterxml.jackson.core.JsonFactory not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/services/com.fasterxml.jackson.core.ObjectCodec not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/services/io.jsonwebtoken.CompressionCodec not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/services/io.jsonwebtoken.io.Deserializer not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/services/io.jsonwebtoken.io.Serializer not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/services/java.sql.Driver not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
WARNING: META-INF/com/android/build/gradle/app-metadata.properties not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.
I also tried the --append-signature parameter of apksigner tool, as of SDK 31.0.0 onwards, but the result of that attempt did not verify against apksigner verify --print-certs command with the following error output:
DOES NOT VERIFY
ERROR: APK Signature Scheme v2 signer #1: APK integrity check failed. CHUNKED_SHA256 digest mismatch. Expected: <expected-sha256>, actual: <actual-sha256>
I searched both SHA256 (expected & actual) inside the output from keytool -printcert and I didn't find them. Also, when I tried to deploy the .apk signed like this on the device, I got yet another error:
17:58 Failed to commit install session 1406340558 with command package install-commit 1406340558. Error: PARSE_FAILED_NO_CERTIFICATES:
Failed collecting certificates for /data/app/vmdl1406340558.tmp/0_AppName-_______-debug:
Failed to collect certificates from /data/app/vmdl1406340558.tmp/0_AppName-_______-debug using APK Signature Scheme v2:
Failed to parse/verify signer #2 block: SHA-256 contents digest does not match the digest specified by a preceding signer
17:58 Error
Installation did not succeed.
The application could not be installed: INSTALL_PARSE_FAILED_NO_CERTIFICATES
Retry
One last thing, about the --append-signature parameter related attempt, I came across this post (about adding a new signature to an existing app) where a commenter is saying the following:
apksigner in sdk 31.0.0 has a new feature: --append-signature. By this feature , a new signature can be appended into the signed apk and the previous signature will not be removed.
However, if one is system signature, another is 3rd party signature, the apk will become non-system signature.
so, if I understand properly, with this 2nd method, even if I somehow managed to get the .apk verified by apksigner and deployed to device, the app itself would have still been seen as non-system by both platforms, because for each platform the other platform's key is non-system.
So my question is:
