
Is it okay to sign two different applications with the same key?

Tags:

android

I have made two versions of my application, a "large" version, and a "mini"/"lite" version.

Should I be signing both of these with the same key? Or should I sign with a unique key for each of them?

What are the repercussions of signing multiple applications with the same key?

asked Aug 05 '10 18:08 by NPike



2 Answers

Please sign your apps with the same certificate only in case you need to share data, or other resources. Some disadvantages of signing with the same certificate:

  1. If your app certificate is compromised, all your apps are in danger. The certificate holder can create fake updates for your apps to steal users' data, etc.

  2. If you wanna sell one of your apps, you have to compromise your certificate to the buyer.

  3. If you lose your certificate, you will be unable to make updates for all your apps. You will be forced to create new packages (new apps) for all of them.

  4. If one of your apps has a signature-level permission, or allows user ID sharing, all your apps can take advantage of this!

Happy signing!

answered Sep 17 '22 16:09 by gingo
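Points 1 and 4 above both follow from one fact: Android treats every APK carrying the same signing certificate as the same developer, so the blast radius of a key is exactly the set of APKs that share its fingerprint. As an added example (not code from either answer or from Android's tooling), the following Python script lists that set for your own builds by pulling the signer certificate out of each APK's v1 (JAR) signature block and hashing it; it assumes the APKs carry a v1 signature (v2/v3 APK Signing Blocks are not parsed), and the sample APKs it builds wrap placeholder certificate SEQUENCEs, not real X.509 data.

```python
import hashlib, os, tempfile, zipfile

def der_tlv(buf, pos=0):
    """One DER TLV at pos -> (tag, value, raw_tlv, next_pos); handles long-form lengths."""
    tag, length, p = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                  # long form: next n bytes hold the length
        n, p = length & 0x7F, p + (length & 0x7F)
        length = int.from_bytes(buf[p - n:p], "big")
    return tag, buf[p:p + length], buf[pos:p + length], p + length

def der_children(value):
    out, pos = [], 0                                   # child TLVs of a constructed value
    while pos < len(value):
        tag, v, raw, pos = der_tlv(value, pos)
        out.append((tag, v, raw))
    return out

def signer_certs(pkcs7):
    """Raw X.509 certs inside a PKCS#7 SignedData blob (META-INF/*.RSA|DSA|EC)."""
    explicit = der_children(der_tlv(pkcs7)[1])[1]      # [0] EXPLICIT content, after the OID
    signed_data = der_children(explicit[1])[0]         # SignedData SEQUENCE
    for tag, value, _ in der_children(signed_data[1]):
        if tag == 0xA0:                                # certificates [0] IMPLICIT SET OF Certificate
            return [raw for t, _, raw in der_children(value) if t == 0x30]
    return []

def apk_signer_fingerprints(path):
    """SHA-256 fingerprints of the v1 (JAR) signing certs in one APK."""
    with zipfile.ZipFile(path) as z:
        blocks = [z.read(n) for n in z.namelist()
                  if n.startswith("META-INF/") and n.endswith((".RSA", ".DSA", ".EC"))]
    return sorted({hashlib.sha256(c).hexdigest() for b in blocks for c in signer_certs(b)})

def der(tag, content):                                 # tiny encoder (short-form lengths) for the constructed sample
    return bytes([tag, len(content)]) + content

def write_sample_apk(path, cert):
    """Constructed APK: a minimal PKCS#7 SignedData shell around a placeholder cert SEQUENCE."""
    data = der(0x30, der(0x06, bytes.fromhex("2a864886f70d010701")))          # id-data
    sd = der(0x30, der(0x02, b"\x01") + der(0x31, b"") + data + der(0xA0, cert) + der(0x31, b""))
    p7 = der(0x30, der(0x06, bytes.fromhex("2a864886f70d010702")) + der(0xA0, sd))  # id-signedData
    with zipfile.ZipFile(path, "w") as z:
        z.writestr("META-INF/CERT.RSA", p7)

def demo():
    """large + lite signed with one placeholder cert, other.apk with a different one."""
    shared, other = der(0x30, b"placeholder release cert"), der(0x30, b"placeholder other cert")
    d = tempfile.mkdtemp()
    for name, cert in [("large.apk", shared), ("lite.apk", shared), ("other.apk", other)]:
        write_sample_apk(os.path.join(d, name), cert)
    return {n: apk_signer_fingerprints(os.path.join(d, n)) for n in sorted(os.listdir(d))}
```

Run `demo()` to see `large.apk` and `lite.apk` report the same fingerprint while `other.apk` reports its own; on real builds, `apksigner verify --print-certs app.apk` gives the same fingerprints and also covers v2/v3 signatures.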


Signing is used mainly to identify an application's developer. If anything, you're supposed to sign all applications you make with the same key.

The Android system requires that all installed applications be digitally signed with a certificate whose private key is held by the application's developer. The Android system uses the certificate as a means of identifying the author of an application and establishing trust relationships between applications. The certificate is not used to control which applications the user can install. The certificate does not need to be signed by a certificate authority: it is perfectly allowable, and typical, for Android applications to use self-signed certificates.

Read everything here: http://developer.android.com/guide/publishing/app-signing.html

answered Sep 17 '22 16:09 by Doge