Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
Android App - weak signer Certificate (SHA1withRSA) #4
The app is signed with
Current key info extracted from CERT.RSA:
It is time to update to a stronger signing key for this Android app! The old default RSA 1024-bit key is weak and officially deprecated.
Note: We should keep in mind that if we use a SHA256 algorithm, the app does not work with some older Android devices (mostly pre Android 4.3). This means that builds made with the new cert management system currently create APK files that may not install on some Android 4.0-4.2 devices (some devices will install, some will fail, depends on the manufacturer).
Quoting this report on Android apps' signing keys:
We can probably rely on what's written here: