Debug build: META-INF / CERT.SF has invalid digest

My debug assemblies don't install on some older devices. During installation, Android logs an error such as:

java.lang.SecurityException: META-INF / CERT.SF has invalid digest for ...

I'm pretty sure it has to do with the use of SHA1 and SHA256 when signing the debug APK. It installs on Android 5 and up, but not on Android 4.1. My release installs a setup on both, where I specify to use both V1 and V2 signing.

This problem came up recently when I updated my development environment. I understand that the v2 subscription has been around for a while, but obviously something "stuck in the past" during my earlier updates and only now actually uses the v2 subscription.

Here are some lines from an earlier CERT.SF build that installs on Android 4.1:

Signature-Version: 1.0
X-Android-APK-Signed: 2
SHA1-Digest-Manifest: 5uKyIdhWpwJ5DqL2eY6yywRve60=
Created-By: 1.0 (Android)

Name: res/drawable-hdpi-v4/task_priority_full_mask.png
SHA1-Digest: mgbQEI7yIlWN/S81eXILs9yQsx0=

Name: res/layout/intrinsic_calendar_item.xml
SHA1-Digest: fDHWqyZu4G7746oUndD2w3+SEpU=

Name: res/drawable-hdpi-v4/call_outgoing.png
SHA1-Digest: qjFodzSd/IiusVuP/fmJp8AMwpM=

      

        
        
        
      

    

And here are some lines from the new CERT.SF that fails to install:

Signature-Version: 1.0
X-Android-APK-Signed: 2
SHA-256-Digest-Manifest: oYH6iW7P/SZv6wI2m3sLn/GAfEtKxfO8gok/TVB6n1Y=
Created-By: 1.0 (Android)

Name: res/drawable-hdpi-v4/task_priority_full_mask.png
SHA-256-Digest: LfLVegeMx7B2i8CF5ctrZ+Ab2FHqlpxVPJgsgojbp6A=

Name: res/layout/intrinsic_calendar_item.xml
SHA-256-Digest: 5hrCEplQJgsiRbbJssNvd8faCTkHGAmAptub/ZPHPdk=

Name: res/drawable-hdpi-v4/call_outgoing.png
SHA-256-Digest: EXwgtHDkKbPUezjL9rOuuButu4w7E6e5r9YMTGxQhh8=

      

        
        
        
      

    

Note that the newer version contains the SHA-256 digest, while the earlier version contains the SHA1 digest.