After following the procedure in Signing your APP with the ADT plugin for Eclipse, I verified manually the signed apk (described below in the same page) with:
$ jarsigner -verify -verbose -certs my_application.apk
And every entry was signed properly [s and sm], but at the end this showed up:
Warning:
This jar contains entries whose certificate chain is not validated.
This jar contains signatures that does not include a timestamp. Without a timestamp, users may not be able to validate this jar after the signer certificate's expiration date (2040-01-01) or after any future revocation date.
Is it better for apks uploaded to Goggle Play to have the jar (apk)'s entries with a validated "certificate chain" and with the signatures with a timestamp?... Why (and why doesn't the Export procedure achieve this)? If it is better, what do I need to do?
The zipalign suggested at the end of that page:
$ zipalign -v 4 your_project_name-unaligned.apk your_project_name.apk
Verified everything successfully.
You're probably using the Java 7 tools. If you install and use the Java 6 tools this will go away.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With