biggest headlining feature of v3, meant to be a revision of v2, will be key rotation support. The v3 signature scheme introduces the APK Signer Lineage, which, according to one of the commits, “contains a history of signing certificates with each ancestor attesting to the validity of its descendant. Each additional descendant represents a new identity that can be used to sign an APK. In this way, the lineage contains a proof of rotation by which the APK containing it can demonstrate, to other parties, its ability to be trusted with its current signing certificate, as though it were signed by one of its older ones.”

Key rotation is a great feature for developers in several ways. For starters, this can be useful for developers on teams working towards a single app, so developers don’t have to share their signing keys with the team. Since the app needs the same exact signature for updating, all apps currently need to be compiled by the same developer or a group of developers working with the same key, decreasing safety (there are more chances of the key being stolen) and slowing down development.

Furthermore, it can also be useful in the case of a developer having their signing key stolen/lost, which would normally mean that the app would have to be reuploaded to the Play Store under a different package name. This isn’t an uncommon case at all, as long ago even Google apparently lost the signing key for the Google Authenticator app which led to them republish it under a different package name. Google has, since then, provided means to safely store your signing keys in the cloud with Google Play App Signing, but key rotation would allow you to continue updating your app in the case of a hypothetical mess up.