diff --git a/digitalassetlinks/src/main/java/com/solana/digitalassetlinks/AndroidAppPackageVerifier.java b/digitalassetlinks/src/main/java/com/solana/digitalassetlinks/AndroidAppPackageVerifier.java
index 268ff74..ab44821 100644
--- a/digitalassetlinks/src/main/java/com/solana/digitalassetlinks/AndroidAppPackageVerifier.java
+++ b/digitalassetlinks/src/main/java/com/solana/digitalassetlinks/AndroidAppPackageVerifier.java
@@ -95,6 +95,10 @@ public boolean verify(@NonNull String packageName, @NonNull URI uri)
             requireAllSignatures = true;
         }
 
+        if (signatureMask.length == 0) {
+            throw new CouldNotVerifyPackageException("Failed reading signatures for package " + packageName);
+        }
+
         // Create and configure an AssetLinksJSONParser object
         final StatementMatcher androidAppMatcher = StatementMatcher
                 .createAndroidAppStatementMatcher(
diff --git a/digitalassetlinks/src/test/java/com/solana/digitalassetlinks/AndroidAppPackageVerifierUnitTests.java b/digitalassetlinks/src/test/java/com/solana/digitalassetlinks/AndroidAppPackageVerifierUnitTests.java
index 339a5c4..3ed7007 100644
--- a/digitalassetlinks/src/test/java/com/solana/digitalassetlinks/AndroidAppPackageVerifierUnitTests.java
+++ b/digitalassetlinks/src/test/java/com/solana/digitalassetlinks/AndroidAppPackageVerifierUnitTests.java
@@ -69,6 +69,24 @@ public void testAppPackageVerificationSuccess()
         assertTrue(verified);
     }
 
+    @Test
+    public void testAppPackageVerificationNoCertificates() {
+        ArrayList<MockWebContentServer.Content> mockWebContent = new ArrayList<>();
+        mockWebContent.add(new MockWebContentServer.Content(
+                URI.create("https://www.test.com/.well-known/assetlinks.json"),
+                HttpURLConnection.HTTP_OK,
+                "application/json",
+                ANDROID_APP_STATEMENT_LIST_CERTS_2_3));
+
+        final PackageManager pm = mockPackageManagerFactory(
+                "com.test.sample", new byte[][] {}, true);
+
+        final AndroidAppPackageVerifierHarness verifier =
+                new AndroidAppPackageVerifierHarness(pm, mockWebContent);
+        assertThrows(AndroidAppPackageVerifier.CouldNotVerifyPackageException.class,
+                () ->verifier.verify("com.test.sample", URI.create("https://www.test.com")));
+    }
+
     @Test
     public void testAppPackageVerificationNoAssetLinks() {
         ArrayList<MockWebContentServer.Content> mockWebContent = new ArrayList<>();
@@ -205,11 +223,8 @@ public void testAppPackageVerificationNoMatchingPackageInPackageManager() {
     private static PackageManager mockPackageManagerFactory(@NonNull String packageName,
                                                             @NonNull byte[][] certificates,
                                                             boolean multipleSigners) {
-        if (certificates.length == 0) {
-            throw new IllegalArgumentException("at least 1 certificate required");
-        } else if (multipleSigners && certificates.length == 1) {
-            throw new IllegalArgumentException("multipleSigners requires at least 2 certificates");
-        }
+        // NOTE: empty certificates would normally be an error, but we want to exercise unit tests
+        // for this case, so allow it when constructing a mock PackageManager
 
         final PackageInfo pi = new PackageInfo();
         final int piFlags;