Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Android APK Certificates - what fields are required and what if that info changes?

Tags:

android

certificate

apk

signing

This seems pretty basic but I can't find the info I'm looking for anywhere, particularly with regard to Android apps.

I am creating my release key (self-signed) and I am asked for lots of info:

  • First and Last Name: (OK; not likely to change)
  • Organizational Unit: (Is this one's "business name"?)
  • Organization: (How's this different from the "Unit" above?)
  • City or Locality: (This may change...)
  • State or Province: (Also may change...)
  • Country Code (XX): (OK; not likely to change)

With that in mind, I've got two basic questions about self-signed certificates used to distribute Android apps:

  1. On creation, can I leave any of these fields EMPTY, particularly the ones that are likely to change? Or is that forbidden? (The big question.)
  2. What if I want to change a given field later? Does that mean creating a new key and having everyone reinstall the app to ever upgrade again, even if I have the original key? (Seems to be the case, judging by what little I have found.)

Thanks in advance!

Edit: More info on #1 above: if this is anything like SSL certs, then the Name, Organization and Country should be sufficient. But IS that the case? Pros and cons of leaving any/all the other fields blank? I can't be the only one who's wondered about this in terms of apps... and the Android docs I've read so far aren't helping clarify this.

For #2, it appears that changing the certificate means regenerating it, and signing with that new cert doesn't avoid the Market problem (it's like a whole new app, even if you sign with both the new AND old certs). So it's all the more important to get it right (yet sufficiently generic in case you move) the first time you sign the app.

like image 488
MartyMacGyver Avatar asked Oct 07 '11 05:10

MartyMacGyver

People also ask

What is APK certificate?

The public-key certificate serves as as a "fingerprint" that uniquely associates the APK to you and your corresponding private key. This helps Android ensure that any future updates to your APK are authentic and come from the original author. The key used to create this certificate is called the app signing key.

What is Android App certificate?

In the web, certificates are used to map a public key with domain / identity (organization). The hash of the details is signed by CA, then verified by the browser. An Android app ships with a public key.

Why does an APK need to be signed?

Application signing allows developers to identify the author of the application and to update their application without creating complicated interfaces and permissions. Every application that is run on the Android platform must be signed by the developer.

1 Answers

The content of these fields are actually pretty irrelevant and are not generally seen by anyone other than you. You can leave empty fields wherever keytool will allow without consequence later.

Once you sign an apk with a keystore and upload it to the Android Market, you cannot sign that same package with another keystore. This is obviously done to prevent someone else from replacing your app with another.

For my keystore I put my personal information in it, set the expiration date for 999 years in the future and keep it safe and backed up.

like image 64
Michael Pardo Avatar answered Sep 23 '22 03:09

Michael Pardo
Sign in to Comment

Related questions

How to clear Fragment backstack in android
How do I restart an android emulator?
Unable to do low-level decoding of video on Android 4.2 without using media extractor
Saving child collections with OrmLite on Android with objects created from Jackson
TaskStackBuilder transition animation
Devices with Android + MIUI and setCustomSelectionActionModeCallback
Android Wear notification prevent blinking icon when updating
JNI Error on Scene Transition Animation - Layer exceeds max
Analyzing Android Project with Lint and SonarQube
Subtract Blend Mode using ColorMatrixFilter in Android?
Android keystore stopped working
Which Android logging framework to use? [closed]
Moving MapFragment (SurfaceView) causes black background flickering
Lazy Load images on Listview in android(Beginner Level)? [duplicate]
Kivy for Android apps [closed]
Android Unit Tests with Dagger 2
Chrome DevTools broken - Stetho unusable
ViewPager with fragments - onPause(), onResume()?
What is fatal signal 6 in android logcat [closed]
Android Studio: "Use default gradle wrapper" vs. "Use customizable gradle wrapper"

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!