Issue with GrapheneOS Verified Boot and Custom App Signatures

Madmomison

Hello

I recently encountered an issue while testing a custom-built app on GrapheneOS. Since GrapheneOS enforces strict verified boot & app signature verification; my app, which works fine on AOSP and LineageOS, fails to install due to a signature mismatch. Even when I self-sign the app, it still gets blocked.

I suspect this is due to how GrapheneOS handles key attestation & signature enforcement; but I’m unsure if there’s a workaround for local testing without disabling core security features. Checked https://discuss.grapheneos.org/t/development/ Java guide for reference .

Has anyone successfully tested self-signed apps on GrapheneOS without compromising security?
I’d appreciate any guidance or relevant documentation.

Thank you !!

other8026

Madmomison fails to install due to a signature mismatch

Unless I'm mistaken, it sounds like you have an app with the same package name signed with a different key already installed, maybe in another profile. Like, for example, if you have a production version of your app in one profile called your.app.name and you try to install a development version in another with the same your.app.name package name, then you will get an error if the two packages are signed with different keys. If that's the case, you can try using a different package name like dev.your.app.name for development.