Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

1 Keystore to sign all apps or 1 per app?

Tags:

android

iphone

app-store

google-play

I am wondering which is the more popular option, Having 1 keystore to sign all the apps you publish, and duplicating that keystore into the cloud and locally to keep it safe, or generating a new keystore for every new app submitted, and keeping copies of all of them?

It seems easier to have 1 keystore for everything, but despite duplicating it, im afraid of it getting corrupted and loosing access to all of the apps.

Whats the best approach for this situation?

like image 884
Glenn.nz Avatar asked Mar 13 '12 20:03

Glenn.nz

People also ask

Can I use single keystore for multiple apps?

So yes, you can use the same keystore to sign multiple apks, without a problem. You can also use the same alias (each alias is a certificate) to sign multiple apks, and it will work.

What is the use of keystore in app signing?

A keystore is a storage mechanism for security certificates. A public key certificate is used to sign an APK before deployment to services like the Google Play Store.

How do I find out which keystore was used to sign an app?

Signature of a keystore Note that if you are using Play App Signing, your upload key may differ from the key used by Google Play to sign your app. In this case, you can find the app signature from the Google Play Console on the Release > Setup > App Integrity page.

How Android apps are signed?

Applications can be signed by a third-party (OEM, operator, alternative market) or self-signed. Android provides code signing using self-signed certificates that developers can generate without external assistance or permission. Applications do not have to be signed by a central authority.

1 Answers

If you use the same keystore, it will be easier to make your apps work together. By having them signed with the same key, you can use a shared UID (not really recommended), or use signature based permissions. That would make it possible to export certain data or functionality and restrict access to your own apps only (using a ContentProvider or a remote service). The downside is, that if you loose the key, you'll have to republish all apps.

If you use separate keystores, it's easier to transfer an app to someone else (give them keystore and password). Additionally, you need to re-publish only one app if you lose/corrupt the keystore.

Take you pick, but I'd say: use the same keystore and make lots of backups. I would also use physical media (CD, etc) in separate locations, rather then the 'cloud', but that's your choice too.

like image 130
Nikolay Elenkov Avatar answered Sep 19 '22 17:09

Nikolay Elenkov
Sign in to Comment

Related questions

How to configure the Android Emulator to show onscreen buttons like the new Galaxy Nexus?
ADB over Bluetooth Android
Android Studio 3.0 Canary 1: Kotlin tests or Java tests referring to Kotlin classes fail
Using Tesseract for handwriting recognition
Writing PCM recorded data into a .wav file (java android)
How to group android notifications like whatsapp?
Disable Proximity Sensor during call
How to add an image in email body
Cursor window: window is full
android:elevation only have shadow effects on the bottom side, how to make the shadow effects show on top side?
org.json.JSONObject vs Gson library JsonObject
What happens to JavaScript execution (settimeout, etc.) when iPhone/Android goes to sleep?
Do I have to declare both WRITE_EXTERNAL_STORAGE and READ_EXTERNAL_STORAGE?
Hooking into fragment's lifecycle like Application.ActivityLifecycleCallbacks
setRotation(90) to take picture in portrait mode does not work on samsung devices
Offline mode for Android app using the Google Maps API
Android 4.4.2 - java.lang.RuntimeException: Performing stop of activity that is not resumed
Android application as a service without activity
Kotlin file changes result in Redeclaration error
Android - Controlling a task with Timer and TimerTask?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!