1

Shouldn't I expect an "Ok" output whenever I run apksigner verify APK.apk on my apk and it finishes correctly?

I ran the command on an apk and it simply finished without throwing any warning or message.

I am suspicious that the apk is corrupt because adb install is taking forever.

htafoya

1 Answer

4

By default, apksigner only outputs warnings and errors on the console.

If the verification fails, you will see the output DOES NOT VERIFY, and the process exit code will be 1 instead of 0 (on Windows this code is stored in %errorlevel%; on Linux/Bash see $?).

If you want to see verification details execute

apksigner verify --verbose APK.apk

You will get a complete verification result and a separate output for each verification check like this:

Verifies
Verified using v1 scheme (JAR signing): true
Verified using v2 scheme (APK Signature Scheme v2): true
Verified using v3 scheme (APK Signature Scheme v3): false
Verified using v4 scheme (APK Signature Scheme v4): false
Verified for SourceStamp: false
Number of signers: 1

I recommend additionally outputting the signing certificate hashes:

apksigner verify --print-certs --verbose APK.apk

How to estimate the authenticity of the signing certificate used is, e.g., included in this answer.

Robert
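An added example, not part of the answer above: a POSIX shell wrapper that decides on the apksigner exit code rather than on console output, then reads the `--verbose` lines to see which signature schemes verified. The function names `verified_schemes` and `check_apk`, and the wrapper's own return codes 1 and 2, are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: gate on apksigner's exit code; silence on the console means success.

# Read `apksigner verify --verbose` output on stdin and print the schemes
# reported as verified, one short name per line (e.g. "v1", "v2").
verified_schemes() {
    sed -n 's/^Verified using \(v[0-9][0-9.]*\) scheme .*: true$/\1/p'
}

# check_apk APK [REQUIRED_SCHEME]
# Return codes are this wrapper's own convention:
#   0  APK verifies (and REQUIRED_SCHEME, if given, verified)
#   1  apksigner exited non-zero (e.g. DOES NOT VERIFY)
#   2  APK verifies, but not with REQUIRED_SCHEME
# The body runs in a subshell, so variables stay local and `exit` only
# ends the function call.
check_apk() (
    apk=$1
    required=${2:-}
    rc=0
    out=$(apksigner verify --verbose "$apk" 2>&1) || rc=$?
    if [ "$rc" -ne 0 ]; then
        echo "FAIL: $apk (apksigner exit code $rc)" >&2
        printf '%s\n' "$out" >&2
        exit 1
    fi
    # Space-separated list with a trailing space, e.g. "v1 v2 "
    schemes=$(printf '%s\n' "$out" | verified_schemes | tr '\n' ' ')
    echo "OK: $apk verified with: $schemes"
    if [ -n "$required" ]; then
        case " $schemes" in
            *" $required "*) ;;
            *) echo "FAIL: $apk is not verified with $required" >&2; exit 2 ;;
        esac
    fi
    exit 0
)

# Usage: ./check_apk.sh APK.apk [v1|v2|v3|v4]
if [ "$#" -gt 0 ]; then
    check_apk "$@"
fi
```

Requiring a specific scheme (for example `v2`) catches an APK that verifies only through v1 JAR signing.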