-
-
Notifications
You must be signed in to change notification settings - Fork 21.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix: JAR files signed with the MD5 algorithm as unsigned (godot 2) #18626
Conversation
See notes in #18627 (same PR for 3.1) |
We merged it for 3.x. Not sure what the Android version requirements of Godot 2.1 are? This would need Android API 18 (4.3+) |
https://github.com/godotengine/godot/blob/2.1/platform/android/SCsub#L105 I'm using min sdk api 15 for custom template. |
@volzhs Did you test on device? Some devices <= 18 (4.3) apparently reject APKs with a SHA1/SHA-256 signature. |
@mhilbrunner I did it on a device but it has API 26. I didn't think it could be a problem with under API 18 devices. |
If MD5-signed APKs are also rejected anyway, shouldn't we update the API level to 18 and use SHA-256 on 2.1 too? |
Probably best, yeah. According to https://developer.android.com/about/dashboards/, less than 5% of users are below API 18. So merge this and raise min. API level to 18? |
I would prefer this PR to do the API level change (or another one, but merged at the same time). |
We should increase it to 27 in |
Matches the change for 2.1 in #18626, and the new requirements from Google for new apps starting with August 2018 (targetSdkVersion 26 or higher): https://android-developers.googleblog.com/2017/12/improving-app-security-and-performance.html
Matches the change for 2.1 in #18626, and the new requirements from Google for new apps starting with August 2018 (targetSdkVersion 26 or higher): https://android-developers.googleblog.com/2017/12/improving-app-security-and-performance.html (cherry picked from commit a655281)
Fix: JAR files signed with the MD5 algorithm as unsigned