[JohnTHaller]

In Windows world, you basically have to use SHA1 digests for digital signatures (though you use SHA2 certs to do the signing) as Windows XP doesn't support SHA2 at all, Windows Vista SP1 or SP2 prior to a patch a view years ago won't run the EXE or show an error due to a buffer overrun, and Windows Vista's Internet Explorer full patched will show the download as "reported unsafe" due to an unfixed bug in IE.

[CyberShadow]

What do APK signatures have to do with Windows?

[JohnTHaller]

I was giving an example of a context when using something stronger than SHA1 doesn't work even though it is supported. To show that there are sometimes reasons other than laziness and on the off chance that there may be something similar with specific versions of Android or possibly some software that deals with APKs.