The description of the rule says that only RSA/None/OAEPWITHSHA-256ANDMGF1PADDING is complaint, but Java treats ECB as None and the recommended compliant solution with None is not accepted by Java itself.
WebCrypto uses SHA256, but that would be equivalent to using a prgramatically created provider and cipher, i.e. not by using the default “RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING”: Web Cryptography API
to be honest it’s difficult to come up with a compliant solution for this rule that works for all Java security providers, in theory RSA/None is the most suitable solution, as explained earlier in this thread, because ECB mode doesn’t make sense for asymmetric algorithms like RSA and will be treated as None behind the hood, but since the Android keystore provider only offers ECB mode, it’s also fair to propose this compliant solution in the rule description.
The update will be visible in the next release
Thank you very much for letting us know about this