Fix: JAR files signed with the MD5 algorithm as unsigned (godot 2)

[RameshRavone]

Fix: JAR files signed with the MD5 algorithm as unsigned

[mhilbrunner]

See notes in #18627 (same PR for 3.1)

[mhilbrunner]

We merged it for 3.x. Not sure what the Android version requirements of Godot 2.1 are? This would need Android API 18 (4.3+)

[volzhs]

https://github.com/godotengine/godot/blob/2.1/platform/android/SCsub#L105
the default min sdk for godot 2.1 is Android API 14.

I'm using min sdk api 15 for custom template.
I tested this PR with api 15 and it works fine.
I guess api 14 would fine too.

[mhilbrunner]

@volzhs Did you test on device? Some devices <= 18 (4.3) apparently reject APKs with a SHA1/SHA-256 signature.

[mhilbrunner]

Also, Google Play seems to reject APKs signed this way for API level < 18:

[volzhs]

@mhilbrunner I did it on a device but it has API 26. I didn't think it could be a problem with under API 18 devices.
it seems to let it as is for 2.1 then.

[akien-mga]

If MD5-signed APKs are also rejected anyway, shouldn't we update the API level to 18 and use SHA-256 on 2.1 too?

[mhilbrunner]

Probably best, yeah. According to https://developer.android.com/about/dashboards/, less than 5% of users are below API 18. So merge this and raise min. API level to 18?

[akien-mga]

So merge this and raise min. API level to 18?

I would prefer this PR to do the API level change (or another one, but merged at the same time).

[mhilbrunner]

targetSdkVersion ist still 23 in master I believe. However, seeing as this will no longer be supported for new apps on Google Play as of November 2018 raising this is fine.

We should increase it to 27 in master too after merging this.

[akien-mga]

Thanks!

We should increase it to 27 in master too after merging this.

Done with a655281, and in 3.0 with 1905e1c.