Error while uploading APK to Firebase Test Lab: “The uploaded APK does not have a valid signature”. Reason and solution
Recently, while experimenting with Firebase’s new features in general, and more specifically – a tool called Test Lab, I encountered the following issue: whenever I tried to upload the APK file that I exported from Android Studio (the production-ready version of an Android app), the Test Lab was constantly throwing an ambiguous error: “The uploaded APK does not have a valid signature”.
After some searching around, the reason and the subsequent solution, was pretty clear. Here’s why this error occurs:
Android “Nougat” (SDK v7) introduced a new APK signature sheme v2, which comes with its own benefits over the old v1 signature scheme, as described well in its documentation:
APK Signature Scheme v2 is a whole-file signature scheme that increases verification speed and strengthens integrity guarantees by detecting any changes to the protected parts of the APK.
Signing using APK Signature Scheme v2 inserts an APK Signing Block into the APK file immediately before the ZIP Central Directory section. Inside the APK Signing Block, v2 signatures and signer identity information are stored in an APK Signature Scheme v2 Block.https://source.android.com/security/apksigning/v2
Since the v2 signing scheme was introduced in Android 7.0, APKs signed with this scheme can not be installed on older Android devices like Android 6.0 Marshmallow. Firebase Test Lab contains a variety of Android versions you can test against, including those that are pre-7.0. For this reason, it requires that the APK that you upload is signed with the older, widely-supported v1 APK signing schema.
- Inside Android Studio choose Build -> Generated signed Bundle / APK
- Choose APK on the first step (I think Android App Bundle is still not supported in Firebase Test Lab as of writing this)
- Select your provide key and enter the passwords in the next step.
- IMPORTANT: In the last step where you select the build variant and flavor, make sure Signature version V1 (Jar Signature) is selected: