Recently, while experimenting with Firebase’s new features in general, and more specifically – a tool called Test Lab, I encountered the following issue: whenever I tried to upload the APK file that I exported from Android Studio (the production-ready version of an Android app), the Test Lab was constantly throwing an ambiguous error: “The uploaded APK does not have a valid signature”.
After some searching around, the reason and the subsequent solution were pretty clear. Here’s why this error occurs:
Android 7.0 “Nougat” introduced a new APK Signature Scheme v2, which comes with its own benefits over the old v1 signature scheme, as described well in its documentation:
APK Signature Scheme v2 is a whole-file signature scheme that increases verification speed and strengthens integrity guarantees by detecting any changes to the protected parts of the APK.
Signing using APK Signature Scheme v2 inserts an APK Signing Block into the APK file immediately before the ZIP Central Directory section. Inside the APK Signing Block, v2 signatures and signer identity information are stored in an APK Signature Scheme v2 Block.
https://source.android.com/security/apksigning/v2
Since the v2 signing scheme was introduced in Android 7.0, APKs signed only with this scheme cannot be installed on older Android devices like Android 6.0 Marshmallow. Firebase Test Lab contains a variety of Android versions you can test against, including those that are pre-7.0. For this reason, it requires that the APK that you upload is signed with the older, widely supported v1 APK signing scheme.
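To see which schemes an exported APK actually carries before uploading it, the layout quoted above can be checked directly. The following Python sketch is an added example, not code from the original post or from Android's tooling: it looks for v1 (JAR) signature files in META-INF and for a v2 block inside the APK Signing Block before the Central Directory. It checks presence only, not validity; the function names are illustrative, and `make_sample` builds a constructed APK with dummy bytes in place of real signatures.

```python
import io, struct, zipfile

APK_SIG_MAGIC = b"APK Sig Block 42"
V2_BLOCK_ID = 0x7109871A  # ID of the APK Signature Scheme v2 Block

def cd_offset(data):
    """Return (EOCD offset, Central Directory offset) of a ZIP/APK."""
    eocd = data.rfind(b"PK\x05\x06")  # simplification: assumes the ZIP comment lacks these bytes
    if eocd < 0:
        raise ValueError("not a ZIP/APK file")
    return eocd, struct.unpack_from("<I", data, eocd + 16)[0]

def has_v1(data):
    """v1 (JAR signing): META-INF holds a .SF file and a .RSA/.DSA/.EC signature block."""
    meta = [n.upper() for n in zipfile.ZipFile(io.BytesIO(data)).namelist()
            if n.upper().startswith("META-INF/")]
    return (any(n.endswith(".SF") for n in meta)
            and any(n.endswith((".RSA", ".DSA", ".EC")) for n in meta))

def has_v2(data):
    """v2: an APK Signing Block right before the Central Directory contains a v2 block."""
    _, cd = cd_offset(data)
    if cd < 32 or data[cd - 16:cd] != APK_SIG_MAGIC:
        return False
    size = struct.unpack_from("<Q", data, cd - 24)[0]  # block size, excluding leading size field
    pos, end = cd - size, cd - 24                      # span of the ID-value pairs
    if pos < 8 or struct.unpack_from("<Q", data, pos - 8)[0] != size:
        return False                                   # malformed: the two size fields disagree
    while pos + 12 <= end:
        length, block_id = struct.unpack_from("<QI", data, pos)
        if block_id == V2_BLOCK_ID:
            return True
        pos += 8 + length                              # skip length prefix, ID and value
    return False

def make_sample(v1, v2):
    """Constructed sample APK; dummy bytes stand in for real signatures."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name in ["classes.dex"] + (["META-INF/CERT.SF", "META-INF/CERT.RSA"] if v1 else []):
            z.writestr(name, b"x")
    data = bytearray(buf.getvalue())
    if v2:
        eocd, cd = cd_offset(data)
        pair = struct.pack("<QI", 8, V2_BLOCK_ID) + b"\0" * 4     # length, ID, 4-byte dummy value
        size = struct.pack("<Q", len(pair) + 24)
        block = size + pair + size + APK_SIG_MAGIC
        struct.pack_into("<I", data, eocd + 16, cd + len(block))  # Central Directory moves down
        data[cd:cd] = block                                       # insert block before it
    return bytes(data)
```

An APK for which `has_v2` is true and `has_v1` is false is the v2-only case that pre-7.0 devices cannot install.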