Yalpstore: APK signature mismatch

Created on 29 Aug 2018  路  12Comments  路  Source: yeriomin/YalpStore

Before creating an issue

  1. Version: 0.43
  2. Similar issue: #494
  3. Done.

Expected behavior
WhatsApp application should be correctly updated.

Actual behavior
I can't update WhatsApp application because YalpStore says to me that the new APK's signature mismatch. I tried to install it anyway, but the system says that "There was a problem parsing the package". I tried also disabling delta updates, according do #494, but it didn't work.

Steps to reproduce
screenshot_20180829-120412
screenshot_20180829-120435
screenshot_20180829-120441

Your setup
Motorola Moto E 2015, LineageOS 14.1

Most helpful comment

@momo42 @ema-pe I solved this properly after all. There is a signature of the base apk (the one installed, the one being patched) returned with the download link. Previously I didn't know what kind of signature it was. It appears to be a sha1 signature encoded with base64 with URL and Filename Safe Alphabet with padding removed. This means it is possible to decide if delta is applicable to the installed apk before downloading anything.

The solution is in master.

All 12 comments

Reinstall WhatsApp. It can't update because the signature is not the same.

Hello.

After disabling delta updates, you could try deleting the apk and downloading it again in case there was a transmission problem.

If you did that already, try looking at your device's general logs. Android package installer (on your third screenshot) logs failure details/reasons.

How did you install WhatsApp initially? Did it come with the device?

Hello. I have the same behavior on five devices. Affected apps are:
com.starfinanz.smob.android.sfinanzstatus [Banking App from my bank (Sparkasse)]
org.thoughtcrime.securesms [Signal Messenger]

Strange thing is: On one phone the Signal Messer updated without problems to the newest version and on one Tablet the banking App did so. Delta Updates are activated and Downloads go to internal memory on all devices. Disabling delta updates didn't have an effect.

I will try to switch downloading to "Download" folder and report back.

ok, first tested to switch download location to "Download" leaving Delta updates on. Yalp downloaded some deltas and then failed to install with the same signature mismatch error. Then I manually deleted the downloaded files from "Download" folder and deactivated Delta Updates and it worked. :-)

This was the second time I have problems with deltas. I'll leave it off for the future.

But important: Is there any way to delete the non-working deltas from internal memory? Delta updates seem to be problematic. Perhaps Yalp should automatically delete all previously downloaded apks from internal memory when switching deltas off!

More thoughts: Facing normal users with signature mismatch errors and advice to completely delete and reinstall the affected app seems to be not the best option to handle this special case (signature mismatch while delta download is ON). If deleting the delta.apk and and downloading again is the way to go, Yalp should offer this option to the user - for example: "Delta Updates can cause such signature mismatches. Delete the downloaded delta and try to download the full apk?"

Thanks @momo42, now WhatsApp is succesfully updated. I simply followed your istructions, disabling delta updates and deleting all apks from "Download" directory.

I also like your suggestions, I hope that @yeriomin will read them soon. This bug should be noticied to all users, because It is very common.

Anyway, I've installed WhatsApp initially with YalpStore.

Edit: deleting the old installed apk is a bad workaround, because all app's data will be lost.

@momo42 This issue is unrelated to delta updates, @ema-pe says they are disabled. Please create a new issue if you have something new to discuss.

Is there any way to delete the non-working deltas from internal memory?

Apks are deleted from internal storage automatically after some time.

Delta updates seem to be problematic.

This is why deltas are off by default.

Perhaps Yalp should automatically delete all previously downloaded apks from internal memory when switching deltas off!

Might be safer to just remove the option altogether.

The deltas problem is unlikely to be fixed any time soon, unfortunately. While the process itself works, it is impossible to know if deltas are applicable to the existing apk. Play Store has a way to know that, Yalp Store does not. It is possible to detect the signature mismatch and redownload automatically, but only after downloading and applying - there would be no point in having deltas as they are supposed to save traffic and time. The only proper way to work around this is to learn the checksum algo used by Play Store.

@yeriomin: I'm sorry, but you are wrong. @ema-paid said in his first post, that he disabled delta updates after signature mismatch error but this didn't help. And the reason for this seems to be that Yalp does not try to load the full update when it detects a (broken) delta update for this app in download directory. Instead it tries to install the broken delta and fails again. If you delete the broken delta by hand downloading and installing the full update works as expected.

The problems are:

  • The user is not informed that delta updates could have caused this signature mismatch.
  • When the user switches off delta updates (because of signature mismatches) he is not informed that he has to manually delete the broken delta updates from download directory to make full updates working again.
  • If the user (like me) has download directory set to internal memory he even cannot delete any broken delta. (so in this case you have to switch delta off AND set download directory to external memory again.

From my point of view the perfect behavior for signature mismatch errors should be:

*Yalp detects signature mismatch*
if delta updates ON {
   automatically delete the failed delta update
   load the full update
   try to install the full update
}
if full update went through without error{
   be happy and don't bother the user
}
else{
   show signature mismatch error message
}

I used deltas for ~2 months now and successfully downloaded/installed ~100 updates before I had this 2 signature mismatches. I don't know how many megabytes have been saved thanks to delta updates. I'd be absolutely fine with some "problematic" updates loading twice (delta and full) if the ratio is like 100:2. I think most users would agree to that.

And you could change the delta option to something like "Try to save bandwidth by using delta updates if possible".

I noticed that to, I unchecked delta updates and the apks install correctly.

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@momo42 @ema-pe I solved this properly after all. There is a signature of the base apk (the one installed, the one being patched) returned with the download link. Previously I didn't know what kind of signature it was. It appears to be a sha1 signature encoded with base64 with URL and Filename Safe Alphabet with padding removed. This means it is possible to decide if delta is applicable to the installed apk before downloading anything.

The solution is in master.

@yeriomin thanks for fixing this. Good job!

Was this page helpful?
0 / 5 - 0 ratings