
Can you remove Android signing v1 from an existing app's APK?


Our existing app, which is in production and available in the Play Store, is signed using both v1 and v2 of the signature scheme. Our security team has advised us to remove the v1 option, as we no longer want to support Android OS < 7, and to avoid the security issues of v1 such as the Janus vulnerability.

The question is, can you remove the v1 signing and leave the v2 signing untouched without needing to publish a brand new version of the app to the store and require your users to switch?

Thanks,


Solution

  • You cannot remove v1 signing without updating the app. You can remove v1 signing from build.gradle using the option enableV1Signing false.
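
A release-pipeline check for the outcome this answer describes, as an added example that is not part of the original answer: it reads an APK's bytes and reports which signature schemes are present, so an update built with v1 signing disabled can be confirmed to carry no v1 files. The names `signing_schemes` and `build_sample_apk` are made up for this example, and the sample APK is constructed with placeholder data. The check detects the presence of signature data only; it does not verify any signature.

```python
import io, struct, zipfile

MAGIC = b"APK Sig Block 42"                      # trailer of the APK Signing Block
SCHEME_IDS = {0x7109871A: "v2", 0xF05368C0: "v3"}  # block IDs for schemes v2 and v3

def signing_schemes(apk: bytes) -> set:
    """Return which of 'v1', 'v2', 'v3' signature data is present in an APK."""
    found = set()
    with zipfile.ZipFile(io.BytesIO(apk)) as z:
        names = [n.upper() for n in z.namelist() if n.upper().startswith("META-INF/")]
    # v1 (JAR signing): META-INF/*.SF plus a *.RSA, *.DSA or *.EC signature block file
    if any(n.endswith(".SF") for n in names) and \
            any(n.endswith((".RSA", ".DSA", ".EC")) for n in names):
        found.add("v1")
    # v2/v3: the APK Signing Block sits directly before the ZIP central directory
    eocd = apk.rfind(b"PK\x05\x06")              # assumes no ZIP comment containing this
    cd_off = struct.unpack_from("<I", apk, eocd + 16)[0]
    if cd_off < 32 or apk[cd_off - 16:cd_off] != MAGIC:
        return found
    size = struct.unpack_from("<Q", apk, cd_off - 24)[0]
    if not 24 <= size <= cd_off - 8:
        return found                             # malformed block size
    pos, end = cd_off - size, cd_off - 24        # ID-value pairs occupy [pos, end)
    while pos + 12 <= end:
        length, scheme_id = struct.unpack_from("<QI", apk, pos)
        if scheme_id in SCHEME_IDS:
            found.add(SCHEME_IDS[scheme_id])
        pos += 8 + length
    return found

def build_sample_apk(v1: bool, v2: bool) -> bytes:
    """Constructed input: a tiny ZIP with placeholder (not valid) signature data."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("classes.dex", b"constructed")
        for name in (("MANIFEST.MF", "CERT.SF", "CERT.RSA") if v1 else ()):
            z.writestr("META-INF/" + name, b"")
    apk = buf.getvalue()
    if not v2:
        return apk
    eocd = apk.rfind(b"PK\x05\x06")
    cd_off = struct.unpack_from("<I", apk, eocd + 16)[0]
    pair = struct.pack("<QI", 4 + 11, 0x7109871A) + b"placeholder"
    size = struct.pack("<Q", len(pair) + 24)
    block = size + pair + size + MAGIC
    out = bytearray(apk[:cd_off] + block + apk[cd_off:])
    struct.pack_into("<I", out, eocd + len(block) + 16, cd_off + len(block))
    return bytes(out)
```

For a real build, pass the file's contents, for example `signing_schemes(open(path, "rb").read())`, and fail the release job if `"v1"` is in the result.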