Android Question VAPT apk

F

falbertini

Member
Licensed User
Longtime User
In a VAPT analysis I have the application that is signed with hash algorithms affected by collision vulnerabilities:

In the manifest editor of the app I have set the min sdk version to 30: android:minSdkVersion="30"
How can I do to remove the SHA-1 hash in the sign and keep only a SHA2-256 signing, as required from VAPT analysis ?
Thanks
 
Sort by date Sort by votes
F

falbertini

Member
Licensed User
Longtime User
Hello Erel,

I was able to verify with jarsigner that the application isn't anymore signed using SHA1.

Despite that, I am now seeing the following warning:

This jar contains signatures that does not include a timestamp. Without a timestamp, users may not be able to validate this jar after the signer certificate's expiration date (2052-10-10) or after any future revocation date.

I would like to know how can I sign and add the timestamp in the packet.

Thank you
 
Upvote 0
You must log in or register to reply here.

Similar Threads

  • Question
Android Question OutOfmemoryError
Replies
4
Views
976
Pedro Caldeira
D
  • Question
Android Question Failure MIN_SIG_SCHEME_FOR_TARGET_SDK_NOT_MET
Replies
5
Views
3K
Loris Anoardi
  • Question
Android Question Exoplayer - Uncaught translation error: com.android.dx.cf.code.SimException: invalid opcode ba (invokedynamic requires --min-sdk-version >= 26)
Replies
6
Views
2K
sentechnologies
D
  • Question
Android Question FusedLocationProvider error NoClassDefFound
Replies
2
Views
1K
DickD
D
A
Bug? Debug mode: crash on exit function _click from addmenuitem
Replies
4
Views
1K
albert6969
A
Menu
Log in
Register
Cookies are required to use this site. You must accept them to continue using the site. Learn more…