Support APK Signature Scheme V2

code-signing
android
#1

Description of the feature request

Android apps targeting Android 11 are now required to sign APKs with APK Signature Scheme V2, otherwise the build will be invalid. See: https://developer.android.com/about/versions/11/behavior-changes-11#minimum-signature-scheme

Use case / for what or how I would use it

This would be added to the Android Sign step in Bitrise. Google will probably force applications to target Android 11 sometime in the Fall of 2021, so this support will need to be integrated else users will not be able to generate builds any longer.

0 Likes

#2

I recommend setting the signing config through the android Gradle plugin and skipping the Bitrise-signing step altogether, for exactly situations like this.

A skeleton example for a prod-specific signing would be something like:

android{
    if (System.getenv("KEYSTORE_NAME") != null) {
        signingConfigs {
            prodConfig {
                keyAlias(System.getenv("BITRISEIO_ANDROID_KEYSTORE_ALIAS"))
                keyPassword(System.getenv("BITRISEIO_ANDROID_KEYSTORE_PRIVATE_KEY_PASSWORD"))
                storeFile file("$rootDir" + "/" + System.getenv("KEYSTORE_NAME"))
                storePassword(System.getenv("BITRISEIO_ANDROID_KEYSTORE_PASSWORD"))
            }
        }
    }
...

    buildTypes {
        release {
            if (System.getenv("KEYSTORE_NAME") != null) {
                signingConfig signingConfigs.prodConfig
            }
        }
    }
}

I also want to note that if you’re using Google Play Signing, I don’t think this is an issue, it’s unclear to me how exactly that plays in here right now.

0 Likes

#3

I tried to download a build shared from Bitrise today on my Pixel 4 and it didn’t work. Someone running on Android 10 was able to download it just fine. Do you think this is the root cause? Will try pklauser’s solution as well.

0 Likes

#4

This worked out for us. Thanks!

0 Likes

#5

For those that may be blocked by this (given the recent enforcement on Google Play API), and has a constraint on their workflow that requires the usage of the sign step, I’ve created a PR with a possible solution, that may work as a solution until a proper support is added by Bitrise, or change the signature process to be done by gradle configuration

0 Likes