Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Android - What happens when a signing key expires?

Tags:

android

apk

code-signing

android-install-apk

code-signing-certificate

If a signing key expires, do existing apks refuse to install, or does it just mean that new apps can't be signed with that key?

We are recommended to use keys that expire in 25+ years, and Google Play mandates expiry of at least 2033-10-22! However, some people may wish to renew their keys far more frequently than that for security reasons (Moore's law, cracked algorthms, etc.).

If an apk's key has expired, is there any way of installing it (without relying on the developer to re-release)?

like image 761
James Haigh Avatar asked May 12 '12 19:05

James Haigh

People also ask

What happens when signing certificate expires?

If you sign an installer, executable file, or other code with an expired code signing certificate, it will not be trusted by users' operating systems. You should renew your code signing certificate with your certificate authority (CA) before it expires.

What happens when keystore expires?

A digital certificate has a validity period, after which the certificate expires. Once a certificate expires, it is no longer valid, and it can cause the client-server communication to fail at the SSL handshake level.

What happens if I lost my app signing certificate?

Fill this Google support form. For the Developer account ID, you can found get it from here. Don't forget to include the app's package name and describe the issue by mentioning that you lost the app's signing key. Then, in a short time they'll send you an instruction email.

What is signing key in Android?

Keystores, keys, and certificates App signing key: The key that is used to sign APKs that are installed on a user's device. As part of Android's secure update model, the signing key never changes during the lifetime of your app. The app signing key is private and must be kept secret.

1 Answers

If a signing key expires, do existing apks refuse to install, or does it just mean that new apps can't be signed with that key?

jarsigner will refuse to use an expired key, and apk's signed with the old key will be refused by Android on install, but apps already installed will continue to run just fine.

https://developer.android.com/guide/publishing/app-signing.html

If an apk's key has expired, is there any way of installing it (without relying on the developer to re-release)?

Yes, the apk can be resigned with your own certificate.

like image 136
James Haigh Avatar answered Oct 29 '22 01:10

James Haigh
Sign in to Comment

Related questions

Youtube HTML5 Video Stopped Working in Android
How to add a contact with first name and last name via intent
Honeycomb ActionBar Title Shadow
Android resources not found on some devices
int array to opengl texture in android
How to instantiate layout for custom preference, using android:layout attribute
How to implement voice & video chat [closed]
Scrolling/zooming a scene in OpenGL and subdivision
Android: Improve sensor sampling rate by use of NDK and polling
Memory issues in fragments showing images
Database undefined error in phonegap android?
How to find out if an App has been moved to SD card on Android
Get drawable for density for API Level <15
Android - Reading HTML5 localStorage data direct from Java
communicating with socket.io from android
facebook api on android: blank screen instead of auth
Android 4.0.3. USB Host - communication with a camera
Is the rest client app design approach in google io 2010 still up to date?
Displaying a huge map with good performance on Android?
What is dexopt ? ( Android Shell Command )

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!