Closed ccampbell9 closed 3 months ago
I wonder if it may have something to do with the latest version being served as an App Bundle (in Google Play). 7.9.6 (and all the previous versions, including the aforementioned 7.8.1) were delivered as single APKs.
(I neither checked the signatures, nor I followed the app bundle situation, but at least in the past it seemed like using App Bundles meant that Google has the signing key, not sure if it's still as bad.)
We recently updated our signing. This has updated the data reported. The website was also just updated.
There are two certificate digests because the APK is signed both by the legacy 1024-bit key and by the new 4096-bit key.
$ANDROID_HOME/build-tools/34.0.0/apksigner verify -v --print-certs --min-sdk-version 24 Signal-Android-website-prod-universal-release-7.10.3.apk
Verifies
Verified using v1 scheme (JAR signing): false
Verified using v2 scheme (APK Signature Scheme v2): true
Verified using v3 scheme (APK Signature Scheme v3): true
Verified using v3.1 scheme (APK Signature Scheme v3.1): true
Verified using v4 scheme (APK Signature Scheme v4): false
Verified for SourceStamp: false
Number of signers: 1
Signer (minSdkVersion=33, maxSdkVersion=2147483647) certificate DN: CN="Signal Messenger, LLC", SERIALNUMBER=6703101, OID.2.5.4.15=Private Organization, O="Signal Messenger, LLC", OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US, L=Mountain View, ST=California, C=US
Signer (minSdkVersion=33, maxSdkVersion=2147483647) certificate SHA-256 digest: 4be4f6cd5be844083e900279dc822af65a547fecc26aba7ff1f5203a45518cd8
Signer (minSdkVersion=33, maxSdkVersion=2147483647) certificate SHA-1 digest: 5c6740091301285db5409fdcd1b90f1ac3ba2dcf
Signer (minSdkVersion=33, maxSdkVersion=2147483647) certificate MD5 digest: 34ac0b4e5d2c5c08b704fc05874f9a10
Signer (minSdkVersion=33, maxSdkVersion=2147483647) key algorithm: RSA
Signer (minSdkVersion=33, maxSdkVersion=2147483647) key size (bits): 4096
Signer (minSdkVersion=33, maxSdkVersion=2147483647) public key SHA-256 digest: 40763a247a68565e9950825c9ddac73ddcccd34f63c4b65759b66cb6d2844b43
Signer (minSdkVersion=33, maxSdkVersion=2147483647) public key SHA-1 digest: 4dd594733aee835834cebdad7844ab2be27ce798
Signer (minSdkVersion=33, maxSdkVersion=2147483647) public key MD5 digest: f81d6e4e117f0916430bf2f797a64310
Signer (minSdkVersion=24, maxSdkVersion=32) certificate DN: CN=Whisper Systems, OU=Research and Development, O=Whisper Systems, L=Pittsburgh, ST=PA, C=US
Signer (minSdkVersion=24, maxSdkVersion=32) certificate SHA-256 digest: 29f34e5f27f211b424bc5bf9d67162c0eafba2da35af35c16416fc446276ba26
Signer (minSdkVersion=24, maxSdkVersion=32) certificate SHA-1 digest: 45989dc9ad8728c2aa9a82fa55503e34a8879374
Signer (minSdkVersion=24, maxSdkVersion=32) certificate MD5 digest: d90db364e32fa3a7bda4c290fb65e310
Signer (minSdkVersion=24, maxSdkVersion=32) key algorithm: RSA
Signer (minSdkVersion=24, maxSdkVersion=32) key size (bits): 1024
Signer (minSdkVersion=24, maxSdkVersion=32) public key SHA-256 digest: 75336a3cc9edb64202cd77cd4caa6396a9b5fc3c78c58660313c7098ea248a55
Signer (minSdkVersion=24, maxSdkVersion=32) public key SHA-1 digest: b46cbed18d6fbbe42045fdb93f5032c943d80266
Signer (minSdkVersion=24, maxSdkVersion=32) public key MD5 digest: 0f9c33bbd45db0218c86ac378067538d
@cody-signal Thanks for the context. I think there is still something wrong with the apk on the website as I am still getting the same error on a newly downloaded copy of the apk, and the new valid fingerprint hash is not being reported (or at least not properly reported). I also went ahead and tried apksigner on a second machine and the results are still the same:
ubuntu@ubuntu2404:~$ apksigner --version
0.9
ubuntu@ubuntu2404:~$ apksigner verify -v --print-certs --min-sdk-version 24 /home/ubuntu/Downloads/Signal-Android-website-prod-universal-release-7.10.3.apk
Verifies
Verified using v1 scheme (JAR signing): false
Verified using v2 scheme (APK Signature Scheme v2): true
Verified using v3 scheme (APK Signature Scheme v3): false
Verified using v4 scheme (APK Signature Scheme v4): false
Verified for SourceStamp: false
Number of signers: 1
Signer #1 certificate DN: CN=Whisper Systems, OU=Research and Development, O=Whisper Systems, L=Pittsburgh, ST=PA, C=US
Signer #1 certificate SHA-256 digest: 29f34e5f27f211b424bc5bf9d67162c0eafba2da35af35c16416fc446276ba26
Signer #1 certificate SHA-1 digest: 45989dc9ad8728c2aa9a82fa55503e34a8879374
Signer #1 certificate MD5 digest: d90db364e32fa3a7bda4c290fb65e310
Signer #1 key algorithm: RSA
Signer #1 key size (bits): 1024
Signer #1 public key SHA-256 digest: 75336a3cc9edb64202cd77cd4caa6396a9b5fc3c78c58660313c7098ea248a55
Signer #1 public key SHA-1 digest: b46cbed18d6fbbe42045fdb93f5032c943d80266
Signer #1 public key MD5 digest: 0f9c33bbd45db0218c86ac378067538d
WARNING: APK Signature Scheme v3 signer #1: Unknown additional attribute: ID 0x559f8b02
@cody-signal Nevermind, I just verified using versions 34 and 35 of build-tools and everything looks good now. Thanks for your help!
Bug description
When verifying the Signal v7.10.3 APK downloaded from https://signal.org/android/apk/ using apksigner and a third-party verification app (AppVerifier), I've encountered some unexpected results that may warrant further investigation.
Findings:
Using the 'apksigner verify' command- an unknown additional attribute was detected in the APK Signature Scheme v3:
WARNING: APK Signature Scheme v3 signer #1: Unknown additional attribute: ID 0x559f8b02
The apk verification android app, AppVerifier (https://github.com/soupslurpr/AppVerifier), is displaying two SHA256 hash values for the Signal APK:
The output of apksigner reports
Verified using v3 scheme (APK Signature Scheme v3): false
which would appear to contradict the existence of the unknown v3 signer attribute:When repeating the same verification process on the Signal v7.8.1 APK using both apksigner and appverifier- neither the mysterious hash value nor the unknown v3 signature attribute are present and the APK appears valid (per the verification instructions on https://signal.org/android/apk/)
apksigner output for v7.8.1:
Steps to reproduce
apksigner verify --verbose --print-certs --min-sdk-version 24 Signal-Android-website-prod-universal-release-7.10.3.apk
Actual result: Unexpected unknown attribute in the V3 signiture block reported with apksigner even though V3 signiture scheme is reported to not be in use, and an unknown hash value is reported with the valid signal fingerprint hash when verifying the apk with appverifier.
Expected result: apksigner reports only the valid sha256 fingerprint hashes and no unknown attribute warnings that conflict with reported apk signature scheme in use, and appverifier only reports the valid fingerprint hash.
Screenshots
appverifier report for signal v7.10.3:
appverifier report for signal v7.8.1:
Device info
Device: Google Pixel 7 and 8 Android version: 14 Signal version: 7.10.3
Link to debug log