4Oca
What is the rationale for signing apk with all schemes under MASTG-TEST-38? [closed]
Under OWASP MASTG-TEST-38, what is the rationale for
Make sure that the release build has been signed via ... all the three schemes for Android 9 (API level 28) and above, and that the code-signing certificate in the APK belongs to the developer.
Why not only v3 scheme?
Is signing only with v3 scheme not secure enough or is it for compatibility?