Skip to content

Many popular apps fail to verify using bundletool 1.18.3 #392

New issue
New issue
Open
Open
Many popular apps fail to verify using bundletool 1.18.3#392
@greyson-signal

Description

@greyson-signal
greyson-signal
opened on Dec 30, 2025

Describe the bug
If you use bundletool 1.18.3 with the following command:

bundletool check-transparency  \
  --mode=connected_device \
  --package-name="<package>"

With any of these popular apps:

  • Signal: org.thoughtcrime.securesms
  • WhatsApp: com.whatsapp
  • Messenger: com.facebook.orca

You'll get this error:

Verification failed: APK signature invalid for base.apk

Bundletool version(s) affected
Version: 1.18.3

Stacktrace
None

To Reproduce

bundletool check-transparency  \
  --mode=connected_device \
  --package-name="<package>"

Expected behavior
I would expect it to verify

Known workaround
If you apply this PR my colleague made to update apksig, everything works.

Environment:
OS: Ubuntu 24.03, but I suspect this doesn't matter

Additional context
Add any other context about the problem here.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions