How to Verify Signal APK

These steps are for Windows, but they should be very similar on macOS or Linux.


  1. Android Studio installed
  2. Install the latest SDK

Locate apksigner

Apksigner is part of the Android build tools should be in the SDK directory.


Lets open up a terminal and navigate to the build-tools. Replace 30.0.0 with the actual SDK version you have installed.

cd .\AppData\Local\Android\Sdk\build-tools\30.0.0

Alternatively use the full path (Replace username and 30.0.0 with actual username and SDK number)

cd C:\User\username\AppData\Local\Android\Sdk\build-tools\30.0.0\

Verify Signal APK

We can now verify the Signal APK with the following. Replace username with your username.

.\apksigner.bat verify --print-certs C:\User\username\Downloads\Signal-Android-website-prod-universal-release-6.0.6.apk

Scroll up to the top part and look for the part that says

Signer #1 certificate SHA-256 digest:

Check the signature against the signature on Signal’s website/

You may see a bunch of

WARNING: META-INF/xxx.version not protected by signature...

Sounds like this can be expected and is a common thing. The certificate is stored in META-INF which means that other files stored in META-INF are not protected. Most of the files in that directory are only version numbers of libraries the app depends on. There shouldn’t be anything important so shouldn’t be a security concern.

Using ADB to Pull APKs off Device

ADB Help for pull and shell

It is sometimes helpful to pull an APK from a working device so you can install it on a different device. These commands should work on an emulator, phone, tablet, or other Android device. You just need to be able to connect with ABD.

  • Connect to device with ADB
  • View installed apps
  • Find path for APK
  • Pull/Download APK

View Installed Apps

This will display a list of all the installed packages.

adb shell pm list packages 

Find path for specific App/APK

Replace with the app of interest.

adb shell pm path

Pull APK to local machine

Pull/Download the APK of interest to your local machine with the following command. Change the path “/data/app/…” to the path returned from the previous command.

adb shell pull /data/app/info/base.apk

You can view the following link for more information.

Advanced Tricks

What if you need to get an APK off a secondary profile, or would like to download all the APKs off a system? And what about split APKs?

Multiple User Profiles

Run the following command to list the users.

adb shell pm list users

Example return

        UserInfo{0:User:a41} running
        UserInfo{11:User:439} running

In this case our second user id is 11. To get a list of APKs installed for our second user we would specify the –user= option

adb shell pm list packages --user=11

To get the path for the app we would run it with

adb shell pm path --user=11

Split APKs

Split APKs can be slightly more difficult to manage, mainly due to the fact that there are multiple APKs to keep track of.

When you run the “pm path” command, it should return multiple APKs. Use the pull command like normal, but download each APK.

You’ll need to use a split APK installer to install all the APKs.

PowerShell script for Pulling/Downloading all APKs on Device

The following PowerShell script will download all APKs for a specific user and put them in their own folders.

  • Copy the contents to a .ps1 file
  • Enable ps1 execution policy if not already enabled
  • Run PowerShell script.

This script will pull all the APKs off of a device and put them in the current folder.
It will also download split APKs.

# adbapkbackup uses adb to get a list of all the APKs you have on a phone and then
# Creates folders for each app and downloads the APKs for those apps.

# Copy and save code as a ps1 file

# Enable ps1 scripts to run on your computer by launching an Admin promopt and running
# set-executionpolicy remotesigned

# If you are in a secondary profile, add and/or modify
#  "--user 15"
# to your user id
# adb shell pm list users

# If in secondary profile, add "--user 15" after packages before > apklist.txt
adb shell pm list packages --user 15 > apklist.txt

 $apks = ((Get-Content .\apklist.txt)) -replace 'package:',''

 ForEach ($apk in $apks) {
    echo "APK is $apk"
    md $apk
    # If in secondary profile, add "--user 15" after path, before $file
    adb shell pm path $apk
    $filepath = ((adb shell pm path --user 15 $apk | % {$_.replace("package:","")}))
    ForEach ($lapk in $filepath | % {$_.replace("package:","")}) {
        echo "pulling $lapk $apk"
        adb pull $lapk $apk