1 Keystore to sign all apps or 1 per app?

I am wondering which is the more popular option: having 1 keystore to sign all the apps you publish, and duplicating that keystore into the cloud and locally to keep it safe, or generating a new keystore for every new app submitted, and keeping copies of all of them?

It seems easier to have 1 keystore for everything, but despite duplicating it, I'm afraid of it getting corrupted and losing access to all of the apps.

What's the best approach for this situation?

Glenn.nz asked Mar 13 '12 20:03


1 Answer

If you use the same keystore, it will be easier to make your apps work together. By having them signed with the same key, you can use a shared UID (not really recommended), or use signature-based permissions. That would make it possible to export certain data or functionality and restrict access to your own apps only (using a ContentProvider or a remote service). The downside is that if you lose the key, you'll have to republish all apps.

If you use separate keystores, it's easier to transfer an app to someone else (give them keystore and password). Additionally, you need to re-publish only one app if you lose/corrupt the keystore.

Take your pick, but I'd say: use the same keystore and make lots of backups. I would also use physical media (CD, etc.) in separate locations, rather than the 'cloud', but that's your choice too.

Nikolay Elenkov answered Sep 19 '22 17:09