Unexpected Attribute in APK Signature Block and Unidentified SHA256 Hash in v7.10.3

[ccampbell9]

• [x] I have searched open and closed issues for duplicates
• [ ] I am submitting a bug report for existing functionality that does not work as intended
• [x] I have read https://github.com/signalapp/Signal-Android/wiki/Submitting-useful-bug-reports
• [x] This isn't a feature request or a discussion topic

---

Bug description

When verifying the Signal v7.10.3 APK downloaded from https://signal.org/android/apk/ using apksigner and a third-party verification app (AppVerifier), I've encountered some unexpected results that may warrant further investigation.

Findings:

1. Using the 'apksigner verify' command- an unknown additional attribute was detected in the APK Signature Scheme v3: WARNING: APK Signature Scheme v3 signer #1: Unknown additional attribute: ID 0x559f8b02

2. The apk verification android app, AppVerifier (https://github.com/soupslurpr/AppVerifier), is displaying two SHA256 hash values for the Signal APK:

   • The expected hash value that matches the published value on https://signal.org/android/apk/ -- 29:F3:4E:5F:27:F2:11:B4:24:BC:5B:F9:D6:71:62:C0:EA:FB:A2:DA:35:AF:35:C1:64:16:FC:44:62:76:BA:26
   • An additional, unidentified SHA256 hash value -- 4B:E4:F6:CD:5B:E8:44:08:3E:90:02:79:DC:82:2A:F6:5A:54:7F:EC:C2:6A:BA:7F:F1:F5:20:3A:45:51:8C:D8

3. The output of apksigner reports Verified using v3 scheme (APK Signature Scheme v3): false which would appear to contradict the existence of the unknown v3 signer attribute:

   ~$ apksigner verify --verbose --print-certs --min-sdk-version 24 Signal-Android-website-prod-universal-release-7.10.3.apk
   Verifies
   Verified using v1 scheme (JAR signing): false
   Verified using v2 scheme (APK Signature Scheme v2): true
   Verified using v3 scheme (APK Signature Scheme v3): false
   Verified using v4 scheme (APK Signature Scheme v4): false
   Verified for SourceStamp: false
   Number of signers: 1
   Signer #1 certificate DN: CN=Whisper Systems, OU=Research and Development, O=Whisper Systems, L=Pittsburgh, ST=PA, C=US
   Signer #1 certificate SHA-256 digest: 29f34e5f27f211b424bc5bf9d67162c0eafba2da35af35c16416fc446276ba26
   Signer #1 certificate SHA-1 digest: 45989dc9ad8728c2aa9a82fa55503e34a8879374
   Signer #1 certificate MD5 digest: d90db364e32fa3a7bda4c290fb65e310
   Signer #1 key algorithm: RSA
   Signer #1 key size (bits): 1024
   Signer #1 public key SHA-256 digest: 75336a3cc9edb64202cd77cd4caa6396a9b5fc3c78c58660313c7098ea248a55
   Signer #1 public key SHA-1 digest: b46cbed18d6fbbe42045fdb93f5032c943d80266
   Signer #1 public key MD5 digest: 0f9c33bbd45db0218c86ac378067538d
   WARNING: APK Signature Scheme v3 signer #1: Unknown additional attribute: ID 0x559f8b02

4. When repeating the same verification process on the Signal v7.8.1 APK using both apksigner and appverifier- neither the mysterious hash value nor the unknown v3 signature attribute are present and the APK appears valid (per the verification instructions on https://signal.org/android/apk/)

   apksigner output for v7.8.1:

   ~$ apksigner verify --verbose --print-certs --min-sdk-version 24 Signal-Android-website-prod-universal-release-7.8.1.apk
   Verifies
   Verified using v1 scheme (JAR signing): false
   Verified using v2 scheme (APK Signature Scheme v2): true
   Verified using v3 scheme (APK Signature Scheme v3): true
   Verified using v4 scheme (APK Signature Scheme v4): false
   Verified for SourceStamp: false
   Number of signers: 1
   Signer #1 certificate DN: CN=Whisper Systems, OU=Research and Development, O=Whisper Systems, L=Pittsburgh, ST=PA, C=US
   Signer #1 certificate SHA-256 digest: 29f34e5f27f211b424bc5bf9d67162c0eafba2da35af35c16416fc446276ba26
   Signer #1 certificate SHA-1 digest: 45989dc9ad8728c2aa9a82fa55503e34a8879374
   Signer #1 certificate MD5 digest: d90db364e32fa3a7bda4c290fb65e310
   Signer #1 key algorithm: RSA
   Signer #1 key size (bits): 1024
   Signer #1 public key SHA-256 digest: 75336a3cc9edb64202cd77cd4caa6396a9b5fc3c78c58660313c7098ea248a55
   Signer #1 public key SHA-1 digest: b46cbed18d6fbbe42045fdb93f5032c943d80266
   Signer #1 public key MD5 digest: 0f9c33bbd45db0218c86ac378067538d 

Steps to reproduce

• For apksigner:
  • Download the Signal v7.10.3 apk from https://signal.org/android/apk/
  • Download/install apksigner (or android studio depending on your OS)
  • Run the following command: apksigner verify --verbose --print-certs --min-sdk-version 24 Signal-Android-website-prod-universal-release-7.10.3.apk
• For appverifier (not sure if this is really necessary but this app is what initially alerted me):
  • On an android device- download and install appverifier (instructions can be found here https://github.com/soupslurpr/AppVerifier)
  • Download the Signal v7.10.3 apk to the Andorid device you do not need to install Signal, you just need the apk file
  • Open the appverifier app, select the option to verify an apk, and choose the signal apk file
  • To check older versions of Signal for comparison- repeat the above steps on an older signal apk

Actual result: Unexpected unknown attribute in the V3 signiture block reported with apksigner even though V3 signiture scheme is reported to not be in use, and an unknown hash value is reported with the valid signal fingerprint hash when verifying the apk with appverifier.

Expected result: apksigner reports only the valid sha256 fingerprint hashes and no unknown attribute warnings that conflict with reported apk signature scheme in use, and appverifier only reports the valid fingerprint hash.

Screenshots

appverifier report for signal v7.10.3:

appverifier report for signal v7.8.1:

Device info

Device: Google Pixel 7 and 8 Android version: 14 Signal version: 7.10.3

Link to debug log

[di72nn]

I wonder if it may have something to do with the latest version being served as an App Bundle (in Google Play). 7.9.6 (and all the previous versions, including the aforementioned 7.8.1) were delivered as single APKs.

(I neither checked the signatures, nor I followed the app bundle situation, but at least in the past it seemed like using App Bundles meant that Google has the signing key, not sure if it's still as bad.)

[cody-signal]

We recently updated our signing. This has updated the data reported. The website was also just updated.

There are two certificate digests because the APK is signed both by the legacy 1024-bit key and by the new 4096-bit key.

$ANDROID_HOME/build-tools/34.0.0/apksigner verify -v --print-certs --min-sdk-version 24 Signal-Android-website-prod-universal-release-7.10.3.apk                                                        
Verifies
Verified using v1 scheme (JAR signing): false
Verified using v2 scheme (APK Signature Scheme v2): true
Verified using v3 scheme (APK Signature Scheme v3): true
Verified using v3.1 scheme (APK Signature Scheme v3.1): true
Verified using v4 scheme (APK Signature Scheme v4): false
Verified for SourceStamp: false
Number of signers: 1
Signer (minSdkVersion=33, maxSdkVersion=2147483647) certificate DN: CN="Signal Messenger, LLC", SERIALNUMBER=6703101, OID.2.5.4.15=Private Organization, O="Signal Messenger, LLC", OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US, L=Mountain View, ST=California, C=US
Signer (minSdkVersion=33, maxSdkVersion=2147483647) certificate SHA-256 digest: 4be4f6cd5be844083e900279dc822af65a547fecc26aba7ff1f5203a45518cd8
Signer (minSdkVersion=33, maxSdkVersion=2147483647) certificate SHA-1 digest: 5c6740091301285db5409fdcd1b90f1ac3ba2dcf
Signer (minSdkVersion=33, maxSdkVersion=2147483647) certificate MD5 digest: 34ac0b4e5d2c5c08b704fc05874f9a10
Signer (minSdkVersion=33, maxSdkVersion=2147483647) key algorithm: RSA
Signer (minSdkVersion=33, maxSdkVersion=2147483647) key size (bits): 4096
Signer (minSdkVersion=33, maxSdkVersion=2147483647) public key SHA-256 digest: 40763a247a68565e9950825c9ddac73ddcccd34f63c4b65759b66cb6d2844b43
Signer (minSdkVersion=33, maxSdkVersion=2147483647) public key SHA-1 digest: 4dd594733aee835834cebdad7844ab2be27ce798
Signer (minSdkVersion=33, maxSdkVersion=2147483647) public key MD5 digest: f81d6e4e117f0916430bf2f797a64310
Signer (minSdkVersion=24, maxSdkVersion=32) certificate DN: CN=Whisper Systems, OU=Research and Development, O=Whisper Systems, L=Pittsburgh, ST=PA, C=US
Signer (minSdkVersion=24, maxSdkVersion=32) certificate SHA-256 digest: 29f34e5f27f211b424bc5bf9d67162c0eafba2da35af35c16416fc446276ba26
Signer (minSdkVersion=24, maxSdkVersion=32) certificate SHA-1 digest: 45989dc9ad8728c2aa9a82fa55503e34a8879374
Signer (minSdkVersion=24, maxSdkVersion=32) certificate MD5 digest: d90db364e32fa3a7bda4c290fb65e310
Signer (minSdkVersion=24, maxSdkVersion=32) key algorithm: RSA
Signer (minSdkVersion=24, maxSdkVersion=32) key size (bits): 1024
Signer (minSdkVersion=24, maxSdkVersion=32) public key SHA-256 digest: 75336a3cc9edb64202cd77cd4caa6396a9b5fc3c78c58660313c7098ea248a55
Signer (minSdkVersion=24, maxSdkVersion=32) public key SHA-1 digest: b46cbed18d6fbbe42045fdb93f5032c943d80266
Signer (minSdkVersion=24, maxSdkVersion=32) public key MD5 digest: 0f9c33bbd45db0218c86ac378067538d

[ccampbell9]

@cody-signal Thanks for the context. I think there is still something wrong with the apk on the website as I am still getting the same error on a newly downloaded copy of the apk, and the new valid fingerprint hash is not being reported (or at least not properly reported). I also went ahead and tried apksigner on a second machine and the results are still the same:

ubuntu@ubuntu2404:~$ apksigner --version
0.9
ubuntu@ubuntu2404:~$ apksigner verify -v --print-certs --min-sdk-version 24 /home/ubuntu/Downloads/Signal-Android-website-prod-universal-release-7.10.3.apk
Verifies
Verified using v1 scheme (JAR signing): false
Verified using v2 scheme (APK Signature Scheme v2): true
Verified using v3 scheme (APK Signature Scheme v3): false
Verified using v4 scheme (APK Signature Scheme v4): false
Verified for SourceStamp: false
Number of signers: 1
Signer #1 certificate DN: CN=Whisper Systems, OU=Research and Development, O=Whisper Systems, L=Pittsburgh, ST=PA, C=US
Signer #1 certificate SHA-256 digest: 29f34e5f27f211b424bc5bf9d67162c0eafba2da35af35c16416fc446276ba26
Signer #1 certificate SHA-1 digest: 45989dc9ad8728c2aa9a82fa55503e34a8879374
Signer #1 certificate MD5 digest: d90db364e32fa3a7bda4c290fb65e310
Signer #1 key algorithm: RSA
Signer #1 key size (bits): 1024
Signer #1 public key SHA-256 digest: 75336a3cc9edb64202cd77cd4caa6396a9b5fc3c78c58660313c7098ea248a55
Signer #1 public key SHA-1 digest: b46cbed18d6fbbe42045fdb93f5032c943d80266
Signer #1 public key MD5 digest: 0f9c33bbd45db0218c86ac378067538d
WARNING: APK Signature Scheme v3 signer #1: Unknown additional attribute: ID 0x559f8b02

[ccampbell9]

@cody-signal Nevermind, I just verified using versions 34 and 35 of build-tools and everything looks good now. Thanks for your help!