AIR GO and APK Signing
Article Summary
Seunghoon Kim from LINE's AIR GO team breaks down Android's APK signing evolution. If you're still using v1 signing, you're leaving security holes wide open.
This deep dive from LINE's security team explains how Android's APK signing schemes evolved from v1 (JAR signing) through v2 and v3, which introduced proof-of-rotation for key management. The article covers the technical architecture of each scheme and how AIR GO detects signing vulnerabilities.
Key Takeaways
- Scheme v1 (JAR signing) only verifies individual files inside the archive, leaving it vulnerable to Janus attacks
- v2 adds an APK Signing Block whose signature covers the entire file, so any modification breaks integrity verification
- v3 adds proof-of-rotation: update apps with new keys without re-registration
- AIR GO flags apps using only v1 signing for security risks
- Digest verification splits the APK into 1 MB chunks and hashes each with SHA-256
Android's v3 signing scheme solves the critical problem of lost signing keys by allowing developers to rotate certificates while maintaining app update capability on Google Play.
About This Article
When developers inspect APK files, standard ZIP parsing tools like 010 Editor can't display the APK Signing Block. This makes it hard to see and understand the signing structure.
Seunghoon Kim updated the 010 Editor ZIP Template to show APK Signing Blocks properly. Now you can view scheme block structures and their blockId values, such as 0x7109871a for v2 and 0xf05368c0 for v3.
AIR GO can now detect all three signing schemes by reading blockId markers and SDK version fields. The tool can tell users when to upgrade from v1 to v2 or v3 for better security and performance.
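As an added example (not AIR GO's code and not from the original article), the following Python script locates the APK Signing Block between the ZIP entries and the central directory, reads its blockId pairs (0x7109871a for v2, 0xf05368c0 for v3) and reports which schemes an APK carries. The sample APK and its signing block are constructed in memory; the values stored under each blockId are placeholders, not real signatures.

```python
import io
import struct
import zipfile

V2_ID, V3_ID = 0x7109871A, 0xF05368C0
MAGIC = b"APK Sig Block 42"          # 16-byte magic that ends the signing block

def eocd_offset(data: bytes) -> int:
    """Offset of the End of Central Directory record (assumes no ZIP comment)."""
    return data.rfind(b"PK\x05\x06")

def parse_signing_block(data: bytes) -> dict:
    """Return {blockId: value} pairs from the APK Signing Block, {} if there is none."""
    cd_off = struct.unpack_from("<I", data, eocd_offset(data) + 16)[0]
    if data[cd_off - 16:cd_off] != MAGIC:     # magic sits right before the central directory
        return {}
    size = struct.unpack_from("<Q", data, cd_off - 24)[0]  # size excludes the leading uint64
    pos, end, pairs = cd_off - size, cd_off - 24, {}
    while pos < end:                          # each pair: uint64 length | uint32 id | value
        pair_len, block_id = struct.unpack_from("<QI", data, pos)
        pairs[block_id] = data[pos + 12:pos + 8 + pair_len]
        pos += 8 + pair_len
    return pairs

def detect_schemes(data: bytes) -> set:
    """Schemes present: v1 via META-INF signature files, v2/v3 via their blockIds."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = z.namelist()
    found = set()
    if any(n.startswith("META-INF/") and n.endswith((".RSA", ".DSA", ".EC")) for n in names):
        found.add("v1")
    ids = parse_signing_block(data)
    found.update(name for bid, name in ((V2_ID, "v2"), (V3_ID, "v3")) if bid in ids)
    return found                              # {"v1"} alone is what AIR GO flags as risky

def build_sample_apk(block_ids: dict, v1: bool = False) -> bytes:
    """Constructed test input: a tiny ZIP with an optional synthetic APK Signing Block."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", b"<manifest/>")
        if v1:
            z.writestr("META-INF/CERT.RSA", b"placeholder-pkcs7")  # not a real signature
    data = buf.getvalue()
    if not block_ids:
        return data
    body = b"".join(struct.pack("<QI", 4 + len(v), i) + v for i, v in block_ids.items())
    size = len(body) + 24                     # pairs + trailing size field + magic
    block = struct.pack("<Q", size) + body + struct.pack("<Q", size) + MAGIC
    eocd = eocd_offset(data)
    cd_off = struct.unpack_from("<I", data, eocd + 16)[0]
    patched = struct.pack("<I", cd_off + len(block))   # central directory moved past the block
    return data[:cd_off] + block + data[cd_off:eocd + 16] + patched + data[eocd + 20:]
```

Running `detect_schemes(build_sample_apk({V2_ID: b"v2", V3_ID: b"v3"}))` returns `{"v2", "v3"}`, while an APK built with `v1=True` and no block returns `{"v1"}`, the case the article describes as a security risk.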