How can I sign my app with "APK Signature Scheme v3 and v4"?

Question

Here in the docs, there is the explanation about signature v3 and v4 : https://source.android.com/security/apksigning/v3

But when I try to sign my app in android studio using Build>Generate signed apk/bundle, I can just check checkboxes for v1(jar signature) and v2(full apk signature) and there is no option for v3 signature.

How can I sign my App using signature scheme v3 and v4?

Thank you.

https://developer.android.com/studio/releases/gradle-plugin#v3-v4-signing — Nabzi, Sep 21 '21 at 05:40

Srinivasan · Answer 1 · 2021-11-09T06:05:42.943

To manually create the signed build using Command line.

Please find the steps to create v3 and v4 scheme signed build,

Select build-tools\30.0.0 or later version.

Note: You can find the build-tools folder inside the SDK location.

\Users\AppData\Local\Android\Sdk\build-tools\30.0.0
Zipalign - Align the unsigned APK

zipalign -v -p 4 app-production-debug.apk my-app-unsigned-aligned.apk

Note:

app-production-debug.apk - a. Apk file you have created from Android studio by Build-> Build Bundles(s)/APK(s)-> Build APK(s)

my-app-unsigned-aligned.apk - The file will be created in the same directory(You can define your path as well).

Apksigner - Sign your APK with your private key

apksigner sign --ks release-keystore.jks --out my-app-release.apk my-app-unsigned-aligned.apk

Note: a. release-keystore.jks - Keystore file we have configured in the build.gradle file

   android {
                signingConfigs {
                        production {
                            storeFile file('release-keystore.jks')
                            storePassword 'XXXX'
                            keyAlias = 'AAAAA'
                            keyPassword 'XXXX'
                        }
                }
            buildTypes {
                        release {
                            ...............
                            signingConfig signingConfigs.production 
               
                        }
            }
        }

b. my-app-release.apk - Signed release build will be generated in the same directory(You can define your path as well).

Verify:

apksigner verify --verbose my-app-release.apk

Update to verify v4:

apksigner verify -v -v4-signature-file my-app-release.apk.idsig my-app-release.apk

You can see the schemes that verified in the release apk.

Verifies

Verified using v1 scheme (JAR signing): true

Verified using v2 scheme (APK Signature Scheme v2): true

Verified using v3 scheme (APK Signature Scheme v3): true

Verified using v4 scheme (APK Signature Scheme v4): true

Please refer https://source.android.com/security/apksigning/v3 for more info — Srinivasan, Apr 19 '21 at 06:06
@Srinivasan This gives me v1 and v2 as true, but doesn't gives me anything for v3. Do we have to mention something for v3 explicitly ? Can you please help me v3 sign the apk as well?? — Saurabh, Apr 19 '21 at 15:19
AGP 4.2 now supports v3 and v4: https://stackoverflow.com/a/67423751/9636 — Heath Borders, Oct 18 '21 at 14:53
I get apksigner:command not found when I run apksigner command on Android Studio — Rohit Singh, Aug 27 '22 at 23:15

score 10 · Accepted Answer · answered May 06 '21 at 18:07

10

As of today, Android Studio supprot v3 and v 4 with Android Gradle Plugin 4.2 To enable one or both of these formats in your build, add the following properties to your module-level build.gradle or build.gradle.kts file:

android {
   ...
   signingConfigs {
      config {
          ...
          enableV3Signing = true
          enableV4Signing = true
      }
   }
}

answered May 06 '21 at 18:07

Ayoub Benzahia

333
4
14

1

I tried this: Gradle 7 and only v1 and v2 signature were included. – saeed khalafinejad Dec 08 '21 at 09:12
You need also add this line in buildTypes -> release block: buildTypes { release { signingConfig signingConfigs.config } } – Tiko Jan 20 '22 at 14:19
4

The above configs enableV3Signing & enableV4Signing are not working, do I have to upgrade my gradle version to 7 or later version of it? – Parth Bhayani Feb 25 '22 at 05:56
has anyone find anything yet? please share their findings – GoodJeans Aug 12 '22 at 07:23

score 1 · Answer 3 · answered Feb 17 '23 at 11:55

In my case it just worked enabling them in the corresponding configuration:

signingConfigs {
    release {
        v1SigningEnabled true
        v2SigningEnabled true

        enableV3Signing = true
        enableV4Signing = true

        storeFile file("${project.rootDir}/debug.keystore")
        storePassword 'android'
        keyAlias 'android'
        keyPassword 'android'
    }
}

Just ensure your gradle version supports them in order to be used.

Not working in the latest versions February 2023. – Ben-J Feb 27 '23 at 13:24 — Ben-J, Feb 27 '23 at 13:24

score 1 · Answer 4 · edited Mar 15 '23 at 17:40

You should upgrade your gradle version to 7.0+ and set the signingConfigs in your build.gradle file as below

signingConfigs {
    release {
        v1SigningEnabled true
        v2SigningEnabled true
        enableV3Signing = true
        enableV4Signing = true
        storeFile XXXX
        storePassword XXXX
        keyAlias XXX
        keyPassword XXX
    }
}

Then just create your apk as normal.^_^

score 0 · Answer 5 · answered Feb 10 '23 at 11:41

you can use v1SigningEnabled and v2SigningEnabled in signing config

signingConfigs {
    release {
        storeFile file("$rootDir/keystore/demo.jks")
        storePassword ""
        keyAlias ""
        keyPassword ""
        v1SigningEnabled false
        v2SigningEnabled true
    }
}

How can I sign my app with "APK Signature Scheme v3 and v4"?

5 Answers5

Linked