Issues in publishing unsigned .apk file?

Question

There are many questions about signed and unsigned .apk files.for testing & debugging we can use unsigned .apk file that generated inside bin folder. This apk file generated using a dummy keystore file. My question is why we need to use signed apk. can't we publish a unsigned apk. what's wrong with that?

Answer 1

There's a number of reasons why you want to have a release signed application. There's even a great article about it. Here's a few reasons:

1. It's a method that the end user can verify that an app is in fact published by the same author.
2. The release process allows for Android to use additional features, like In App purchases. Without it, Google can't verify that in fact the app is yours.
3. It's a way of saying that someone trusted released the app.
4. It is a two step authentication process to verify your app is yours. That gives an added layer of security that can't be done via other means.
5. Applications signed with the same key are allowed to share resources. The debug certificate is shared by all, and you probably don't want to have that level of access with all of your apps.

Basically, it makes a hacker's life more difficult, which is always a good thing.

For instance, one might give access to the Google Play account to people to modify the description, but you don't want them to upload new apps. Without the key, they can't upload the app. Furthermore, if your google password is cracked, you still can't upload the app. It takes having your private key file and key to crack it.