Check whether the APK is signed with the V1 signature scheme and has a minimum SDK version below Android 7.0. If so, the app is vulnerable to the Janus vulnerability (CVE-2017-13156). See https://www.guardsquare.com/en/blog/new-android-vulnerability-allows-attackers-modify-apps-without-affecting-their-signatures for more information.
APKs support 3 signature schemes:
Version 1 (JAR signing)
How to check:
Install apksigner (apt install apksigner) and run:
apksigner verify -v APK_name
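
Added example (not part of the original checklist): a shell helper that applies the rule above to the verbose output of apksigner. The function names, the constructed sample output, and passing the minimum SDK as an API level read from the manifest (API 24 = Android 7.0) are assumptions of this example.

```sh
#!/bin/sh
# scheme_state N: read apksigner's verbose verify output on stdin and print
# "true" or "false" for the "Verified using vN scheme (...)" line, if present.
scheme_state() {
    awk -v n="$1" -F': ' '$1 ~ ("^Verified using v" n " scheme") { print $2; exit }'
}

# janus_check MIN_SDK: read apksigner's verbose verify output on stdin.
# Exit status: 0 = flagged by the checklist rule, 1 = not flagged, 2 = unusable input.
janus_check() {
    min_sdk=$1
    case $min_sdk in
        ''|*[!0-9]*) echo "usage: janus_check MIN_SDK < apksigner-output" >&2; return 2 ;;
    esac
    out=$(tr -d '\r')            # tolerate CRLF output saved on Windows
    v1=$(printf '%s\n' "$out" | scheme_state 1)
    v2=$(printf '%s\n' "$out" | scheme_state 2)
    v3=$(printf '%s\n' "$out" | scheme_state 3)
    if [ -z "$v1" ]; then
        echo "UNKNOWN: no v1 scheme line in input (did verification fail?)"
        return 2
    fi
    echo "v1=$v1 v2=${v2:-n/a} v3=${v3:-n/a} minSdk=$min_sdk"
    # Checklist rule: V1 signature present and minimum SDK below Android 7.0 (API 24).
    if [ "$v1" = true ] && [ "$min_sdk" -lt 24 ]; then
        echo "FLAG: V1 signature with minSdk < 24, review for Janus (CVE-2017-13156)"
        return 0
    fi
    echo "OK: checklist rule not met"
    return 1
}

# Constructed sample of verbose apksigner output (not taken from a real app).
SAMPLE='Verifies
Verified using v1 scheme (JAR signing): true
Verified using v2 scheme (APK Signature Scheme v2): false
Verified using v3 scheme (APK Signature Scheme v3): false
Number of signers: 1'

printf '%s\n' "$SAMPLE" | janus_check 21
```

Against a real APK, pipe the apksigner output into the function, for example: apksigner verify -v APK_name | janus_check 21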