Troubleshooting a failing build (APK Signature Scheme v2 signer #1: APK integrity check failed. CHUNKED_SHA256 digest mismatch)

algol · June 6, 2026, 10:40am

Greetings,

I’m having some trouble verifying the signed APK for my application in the fdroiddata CI build, the error message is as follows:

DOES NOT VERIFY

ERROR: APK Signature Scheme v2 signer #1: APK integrity check failed. CHUNKED_SHA256 digest mismatch. Expected: <552be62d5da75c98b6ea6442d66c2eae5b395da4f76b243685d567916d82c1dd>, actual: <c5badfcb3671bb3851a639f58409b7dfce373d3206e6a4530240d96958dd285c>

2026-06-04 17:06:23,674 ERROR:

/tmp/tmp545gi1aq/sigcp_com.algol.obliquestrategies_1.apk:

2026-06-04 17:06:23,674 INFO: ...NOT verified - /tmp/tmp545gi1aq/sigcp_com.algol.obliquestrategies_1.apk

2026-06-04 17:06:23,918 DEBUG: > diff -r /tmp/tmp545gi1aq/tmp_binaries_com.algol.obliquestrategies_1.binary /tmp/tmp545gi1aq/_tmp_tmp545gi1aq_sigcp_com.algol.obliquestrategies_1

2026-06-04 17:06:24,120 WARNING: Keeping failed build "tmp/com.algol.obliquestrategies_1.apk"

2026-06-04 17:06:24,120 DEBUG: removing tmp/binaries/com.algol.obliquestrategies_1.binary.apk

2026-06-04 17:06:24,159 ERROR: Could not build app com.algol.obliquestrategies: compared built binary to supplied reference binary but failed

==== detail begin ====

verification of APK with copied signature failed

Comparing reference APK to APK with copied signature...

Unexpected diff output:

diff -r /tmp/tmp545gi1aq/tmp_binaries_com.algol.obliquestrategies_1.binary/content/META-INF/version-control-info.textproto /tmp/tmp545gi1aq/_tmp_tmp545gi1aq_sigcp_com.algol.obliquestrategies_1/content/META-INF/version-control-info.textproto

4c4

< revision: "97e6c91b176227e21e4b340e923aba92a81e74b2"

---

> revision: "bb73b6453b8b14699aa04993e456a0b5453015a1"

Binary files /tmp/tmp545gi1aq/tmp_binaries_com.algol.obliquestrategies_1.binary/content/assets/dexopt/baseline.prof and /tmp/tmp545gi1aq/_tmp_tmp545gi1aq_sigcp_com.algol.obliquestrategies_1/content/assets/dexopt/baseline.prof differ

Binary files /tmp/tmp545gi1aq/tmp_binaries_com.algol.obliquestrategies_1.binary/content/classes.dex and /tmp/tmp545gi1aq/_tmp_tmp545gi1aq_sigcp_com.algol.obliquestrategies_1/content/classes.dex differ

==== detail end ====

After researching the error message I did find some posts stating that APKs signed from Android Studio could cause issues, after which I built a new signed APK from the terminal and uploaded that to the release, but I’m still getting this error, and couldn’t find much else online on this.

Thanks in advance for any suggestions and help.

Licaon_Kter · June 7, 2026, 7:13am

Build your release APK from a fresh clone of the repo, checked out at the tagged commit. Don’t build from a tree with uncommitted changes.

algol · June 7, 2026, 11:04am

I did as instructed, but also noticed that when I had first built the APK from the terminal I forgot to run zipalign before signing it, which might have also been causing some problems.

That said, the build is still failing, but now at the v3 signer. I noticed the following outputs in the log file:

Verified using v1 scheme (JAR signing): true

Verified using v2 scheme (APK Signature Scheme v2): true

Verified using v3 scheme (APK Signature Scheme v3): true

Verified using v3.1 scheme (APK Signature Scheme v3.1): false

Verified using v4 scheme (APK Signature Scheme v4): false

Verified for SourceStamp: false

There are a number of warnings about various META-INF/* files not being protected by the signature and then the following error messages:

DOES NOT VERIFY

ERROR: APK Signature Scheme v3 signer #1: APK integrity check failed. CHUNKED_SHA256 digest mismatch. Expected: <1d39e4329acbd85e8f3030434ec87de3fd5ae06fa531afb522794e6f2295ad65>, actual: <7a5f9891f1ba5ecde290acc468e7147a2cf1a5ef3a65b5788d25dc9d09c32590>

2026-06-07 10:48:20,719 ERROR:

/tmp/tmpmkqg7yjj/sigcp_com.algol.obliquestrategies_1.apk:

2026-06-07 10:48:20,719 INFO: ...NOT verified - /tmp/tmpmkqg7yjj/sigcp_com.algol.obliquestrategies_1.apk

2026-06-07 10:48:21,022 DEBUG: > diff -r /tmp/tmpmkqg7yjj/tmp_binaries_com.algol.obliquestrategies_1.binary /tmp/tmpmkqg7yjj/_tmp_tmpmkqg7yjj_sigcp_com.algol.obliquestrategies_1

2026-06-07 10:48:21,224 WARNING: Keeping failed build "tmp/com.algol.obliquestrategies_1.apk"

2026-06-07 10:48:21,225 DEBUG: removing tmp/binaries/com.algol.obliquestrategies_1.binary.apk

2026-06-07 10:48:21,280 ERROR: Could not build app com.algol.obliquestrategies: compared built binary to supplied reference binary but failed

==== detail begin ====

verification of APK with copied signature failed

Comparing reference APK to APK with copied signature...

Unexpected diff output:

Binary files /tmp/tmpmkqg7yjj/tmp_binaries_com.algol.obliquestrategies_1.binary/content/assets/dexopt/baseline.prof and /tmp/tmpmkqg7yjj/_tmp_tmpmkqg7yjj_sigcp_com.algol.obliquestrategies_1/content/assets/dexopt/baseline.prof differ

Binary files /tmp/tmpmkqg7yjj/tmp_binaries_com.algol.obliquestrategies_1.binary/content/classes.dex and /tmp/tmpmkqg7yjj/_tmp_tmpmkqg7yjj_sigcp_com.algol.obliquestrategies_1/content/classes.dex differ

==== detail end ====

Any ideas as to what might be happening?

Thank you

Licaon_Kter · June 7, 2026, 11:15am

Take both APKs, use apktool to disassemble them, then diffoscope to compare the folders