Different types of APK

Question

Can someone please explain the difference between:

• signed apk
• unsigned apk
• apk in debug mode
• apk in release mode

Although its clear that signed apk is the one you generate apk with your own certificate and the unsigned one without without certificate.

Especially what are the apk in debug mode and apk in release mode really mean?

How are these two related with signed apk and unsigned apk?

Edited: Also is there any more types of apk apart from this?

I have already read the docs at http://developer.android.com/tools/publishing/app-signing.html

It only explains about the Signing in Debug Mode and Signing in Release Mode, but they didn't mention anything about the apk in debug mode and apk in release mode.

Answer 1

The same way you can have documents signed with a digital key to prove their origin and ownership and websites have a certificate for that, you can do the same thing with APKs by signing them using the tools provided by the SDK.

Unsigned vs Signed APK:

One has been signed and the other has not. Just like that. Think of GPGed emails or Websites with the Green thingy on the address bar for signed APKs and plain emails or websites with no ssl for unsigned APKs.

Before we talk about debug mode and release mode, I'll give a very brief explanation on signing, actually talk about authority-certified signing and self-signing.

When you go to a SSL protected website you might see either a warning message or a red X by the url, depending on the browser, warning you that the certificate can't be trusted. Normally that means the website is using a self-signed certificate. What that means is that you can't really tell who made the certificate and no one can really say it's secure for real or that it comes from where it says it does.

On the other hand, the Authority-certified signed certificates, they have someone(a company) which is known and (is supposed to) guarantees the quality of the certificate and that who's using is who it should be.

Now back to APKs:

When you're just testing your app, when you want test it, you don't really need a proper certificate as you're the one installing the app on your device and you know (at least you should) the app you're making is not supposed to cause any problems.

On the other hand, when you put them in the Android market, it is important to know that the app people are downloading are really yours, so that's when you're gonna use a properly signed certificate. The one you can't lose and blah blah blah.

This brings us to Debug mode and Release mode.

They are just build/deploy environment/settings to help you be more productive.

When you select debug mode, the apk will(might?) contain a lot more debug info (and for that be bigger) and will normally be signed with your self-signed certificate (the debug key) which is (most normally) automatically generated.

when you select release mode it (should) strip useless debug information reducing the size of your app and will properly sign your APK with a certified key which is necessary to release apps in the market.

Hope this helps and if you need more clarifications ask in the comments