Android APK Digital Signature: Purpose, Principles, and v1‑v4 Signing Schemes
Android APK digital signatures ensure app integrity and author authenticity by hashing files and signing with a private key, with four schemes—v1 (JAR‑style per‑file digests), v2 (whole‑APK block), v3 (key‑rotation support), and v4 (external .idsig for fast incremental installs)—each offering progressively stronger protection and installation speed.
This article explains the role and underlying principles of Android APK digital signatures and details the four signing schemes (v1, v2, v3, v4) used by the Android platform.
Why signatures matter
1. They prevent third‑party tampering and ensure that only the original author’s app can be upgraded.
2. They enable modular design: apps signed with the same certificate can share processes, resources, and permissions (e.g., signature‑level permissions).
3. They allow secure permission sharing between apps that hold the same certificate.
Signature principle
APK signing follows a simple flow: compute a hash of each file, sign the hash with a private RSA key, and verify the signature with the corresponding public key. Encryption protects confidentiality, while the signature protects integrity.
APK signing scheme v1
v1 is based on JAR signing. The process:
1. Compute a hash for every file in the unsigned APK and store the digests in MANIFEST.MF.
2. Hash the entire MANIFEST.MF and each entry’s digest, saving the results in CERT.SF.
3. Sign CERT.SF with the private key; the signature, public key, and certificate are stored in CERT.RSA.
Verification re‑computes the same hashes and checks the signature.
APK signing scheme v2
Introduced in Android 7.0, v2 adds a dedicated signing block that covers the whole APK (including ZIP headers, central directory, and file contents). This eliminates the need for per‑file verification and speeds up installation. The block contains a chain of ID‑value pairs, where the ID 0x7109871a holds the signer information (signed data, signatures, public key).
Verification validates the entire APK byte‑by‑byte, making any modification break the signature.
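To make the block layout concrete, the following added example (not code from the original article or from AOSP) walks the ID-value pairs of an APK Signing Block and reports which schemes an APK carries. The function names and the sample bytes are constructed for illustration, and the v3 ID 0xf05368c0 comes from the AOSP documentation rather than from this page.

```python
import struct

EOCD_SIG = b"PK\x05\x06"          # ZIP End of Central Directory signature
MAGIC = b"APK Sig Block 42"       # trailer of the APK Signing Block
# 0x7109871a is the v2 ID given in the text; the v3 ID is from the AOSP docs.
SCHEME_IDS = {0x7109871A: "v2", 0xF05368C0: "v3"}

def signing_block_pairs(apk: bytes) -> dict:
    """Return {id: value} from the APK Signing Block, or {} if there is none."""
    eocd = apk.rfind(EOCD_SIG)    # simplification: assumes no ZIP comment tricks
    if eocd < 0 or eocd + 22 > len(apk):
        raise ValueError("no End of Central Directory record")
    (cd_offset,) = struct.unpack_from("<I", apk, eocd + 16)
    if cd_offset > eocd:
        raise ValueError("central directory offset points past EOCD")
    if cd_offset < 32 or apk[cd_offset - 16:cd_offset] != MAGIC:
        return {}                 # no block: the APK is v1-only or unsigned
    (size,) = struct.unpack_from("<Q", apk, cd_offset - 24)
    start = cd_offset - size - 8  # the leading size field is not counted in size
    if size < 24 or start < 0:
        raise ValueError("signing block size out of range")
    if struct.unpack_from("<Q", apk, start)[0] != size:
        raise ValueError("leading and trailing block sizes differ")
    pairs, pos, end = {}, start + 8, cd_offset - 24
    while pos < end:
        if pos + 12 > end:
            raise ValueError("truncated ID-value pair")
        length, pair_id = struct.unpack_from("<QI", apk, pos)
        if length < 4 or pos + 8 + length > end:
            raise ValueError("ID-value pair overruns the block")
        pairs[pair_id] = apk[pos + 12:pos + 8 + length]
        pos += 8 + length
    return pairs

def schemes_present(apk: bytes) -> list:
    """Names of the signing-block schemes (v2, v3) found in the APK."""
    return sorted(SCHEME_IDS[i] for i in signing_block_pairs(apk) if i in SCHEME_IDS)

def constructed_apk(pairs) -> bytes:
    """Build a minimal, constructed APK-shaped byte string for the demo."""
    body = b"".join(struct.pack("<QI", len(v) + 4, i) + v for i, v in pairs)
    size = len(body) + 24         # pairs + trailing size (8) + magic (16)
    block = struct.pack("<Q", size) + body + struct.pack("<Q", size) + MAGIC
    entries = b"PK\x03\x04" + b"\x00" * 26   # stand-in for the ZIP entries
    eocd = EOCD_SIG + struct.pack("<HHHHIIH", 0, 0, 0, 0, 0, len(entries) + len(block), 0)
    return entries + block + eocd            # empty central directory

if __name__ == "__main__":
    print(schemes_present(constructed_apk([(0x7109871A, b"v2"), (0xF05368C0, b"v3")])))
```

This only locates and enumerates the block; it does not verify any signature, which is the job of apksigner or the platform installer.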
APK signing scheme v3
Added in Android 9.0, v3 builds on v2 by inserting an additional attr block that stores a chain of signing certificates (key rotation). This enables seamless certificate rollover while preserving upgrade compatibility.
Typical usage involves the apksigner rotate command:
$ apksigner rotate --in /path/to/existing/lineage \
    --out /path/to/new/file \
    --old-signer --ks old-signer-jks \
    --new-signer --ks new-signer-jks
APK signing scheme v4
Supported from Android 11, v4 stores the signature in a separate .idsig file, leaving the original APK unchanged. It uses a Merkle‑tree of 4 KB blocks (SHA‑256) to enable fast incremental (ADB) installation.
Differences and verification flow
v1: JAR‑style, per‑file digests, compatible with older devices.
v2: Whole‑APK signing block, stronger integrity, faster install.
v3: Adds key‑rotation attr block for certificate upgrades.
v4: External .idsig file, supports streaming incremental installs.
Practical considerations
• Android Studio 4.2+ signs with both v1 and v2 by default; you can control the schemes via Gradle flags v1SigningEnabled true and v2SigningEnabled true.
• v3 requires Android 9.0+ and the apksigner.jar tool.
• v4 improves ADB install speed but does not modify the APK itself.
Signature expiration
Signing certificates are self‑signed and typically valid for 25 years. Because an expired certificate causes installation failures for existing users, developers must rotate the key (preferably using v3) before the certificate expires.
37 Interactive Technology Team
37 Interactive Technology Center