I understand how difficult this is for you. But there really shouldn't be a good way to use SHA1 - that's how systems get compromised.

Delivering an insecure app probably should entail clicking endless security warnings; it's not secure!

-jk