Signing & mlpackageverifier: "signature not match"

I see 'mlpackageverifier' rejection in Logcat when running native code [Windows, native API v1.3.0-dev1/v1.3.0-dev2/v1.4.0-dev1]:

2023-10-09 23:10:48.198 5744-5744 MLPackageV...::Verifier com.magicleap.mlpackageverifier E Package com.magicleap.revok signature not match
2023-10-09 23:10:48.198 5744-5744 MLPackageV...::Verifier com.magicleap.mlpackageverifier E Reject package: com.magicleap.revok permissive=1

I see this with my own apps, and while compiling the native API examples.

I have tried cleaning
./gradlew clean

cache invalidation, uninstalling the apps on device:
adb uninstall com.magicleap.revok

  • Strangely, deleting the signingConfigs block altogether omits the ‘signature not match’ if we do a Gradle sync before each build, but otherwise I cannot see a change app behavior.

  • In Android Studio I refactored the signature to ensure our given package to com.magicleap.revok is consistent in Java, C++, ‘activity_main.xml’, ‘build.gradle (:app)’, applicationId "com.magicleap.revok" and ‘AndroidManifest.xml’.

ML2 APIs seem to require special signing -- is there any reference?

Signing config in 'build.gradle' from the sample projects is as follows:

> signingConfigs {
>    release {
>        keyAlias keystoreProperties['keyAlias']
>        keyPassword keystoreProperties['keyPassword']
>        storeFile file(storeFilePrefix + keystoreProperties['storeFile'])
>        storePassword keystoreProperties['storePassword']
>    }
> }

Hi @kevincain,

Thank you for reaching out to us. Are you certain that your package signatures are consistent across all files including Java, C++, ‘activity_main.xml’, ‘build.gradle (:app)’, applicationId “com.magicleap.revok”, and ‘AndroidManifest.xml’?

Best regards,


In a word, yes.

Thanks @etucker, as I wrote, I've scoured the Android Studio project for an errant signature in the places you quote. Also, we're using the 'fully qualified' name 'com/magicleap/revok/MainActivity' where required and consistently setting package com.magicleap.revok.

Again, is there any definitive guide to naming signatures and the signing process for ML?

Here is a guide on Building Signed Release APK's in Android Studio.

Thanks for that. That aligns with our practice, but I'll check again.