Skip to content

Move to hybrid signing approach with PQC for releases #8523

Description

@flexxxxer

Describe your suggested feature

Integrate with new hybrid signing for APKs released on GitHub

Sign APKs with new hybrid signing approach with ML-DSA for Android 17 and newer with legacy one (RSA or EC) combined, so will be one APK to install for newer and older Android versions, while ensuring better security for newer Android versions (17 and newer)

Other details

https://developer.android.com/about/versions/17/features#pqc-apk-signing

I have not yet figured out on how to do that in details using apksigner, probably details on that will be after Android 17 release

Acknowledgements

  • I have searched the existing issues and this is a new ticket, NOT a duplicate or related to another open issue.
  • I have written a short but informative title.
  • I will fill out all of the requested information in this form.

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or request

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions