APK Signature Scheme V2 (Full APK Signature) was introduced in android 7.0, and V1 (Jar Signature) is from JDK.
The difference between the two:
V1: Validate only uncompressed file contents, so that many modifications can be made after the APK is signed, files can be moved and even recompressed.
V2: Validates all bytes of a compressed file, not a single ZIP entry, so cannot be changed after signing (including zipalign). Because of this, we now combine compression, adjustment, and signing into one step during compilation.
V2 benefits: More secure and new signatures reduce verification time on the device (no time-consuming decompression and verification), resulting in faster app installation. If any custom tasks tamper with the APK file or post-process it (in any way), there is a risk that the V2 signature will become void, making your APK incompatible with Android 7.0 and higher.
Use summary:
1. Only checking the V1 signature when packaging the signature will not affect anything, but a more secure verification method will not be used on 7.0;
2. Only check the V2 signature below 7.0, it will be installed directly and it will show that it is not installed, and if it is above 7.0, the V2 method will be used to verify
3. If both V1 and V2 are checked, all models will be fine.
In order to make it easier for us to pack each time, we can set both to be checked by default each time we pack. Add the following configuration to the build.gradle corresponding to the app, and then sync.
signingConfigs {
debug {
v1SigningEnabled true
v2SigningEnabled true
}
release {
v1SigningEnabled true
v2SigningEnabled true
}
}