
Signing two apps with the same key

I built two apps, the first with the package name com.pakname.pak1 and the second with com.pakname.pak2, and I have one key, mykey.keystore.

What happens if I sign both apps with the same key and publish them to the Android Market?

Is this a good habit? I guess it is not, but I do not get the point of signing apps from the same company with different keys.

Can someone explain this kind of scenario to me?

Thanks

Lukap asked Nov 23 '11 10:11


People also ask

Can two applications be signed with the same signing certificate?

There is no limit. It is worth noting that in most cases, the purpose of a signing certificate is not to certify the contents itself (in this case, the app), but its origins. Multiple apps signed with the same certificate would point to the fact that they're originating from the same source.

Can 2 apps have same KeyStore?

So yes, you can use the same keystore to sign multiple apks, without a problem. You can also use the same alias (each alias is a certificate) to sign multiple apks, and it will work. It has security implications, however.

Can I change app signing key?

Open Play Console and go to the Play App Signing page (Release > Setup > App integrity). In the “Upgrade your app signing key” card, select Request key upgrade. Select an option to upgrade your app signing key to all installs on Android T and above.


1 Answer

Read this

Signing Strategies

Some aspects of application signing may affect how you approach the development of your application, especially if you are planning to release multiple applications.

In general, the recommended strategy for all developers is to sign all of your applications with the same certificate, throughout the expected lifespan of your applications. There are several reasons why you should do so:

  • Application upgrade – As you release updates to your application, you will want to continue to sign the updates with the same certificate or set of certificates, if you want users to upgrade seamlessly to the new version. When the system is installing an update to an application, it compares the certificate(s) in the new version with those in the existing version. If the certificates match exactly, including both the certificate data and order, then the system allows the update. If you sign the new version without using matching certificates, you will also need to assign a different package name to the application — in this case, the user installs the new version as a completely new application.

  • Application modularity – The Android system allows applications that are signed by the same certificate to run in the same process, if the applications so request, so that the system treats them as a single application. In this way you can deploy your application in modules, and users can update each of the modules independently if needed.

  • Code/data sharing through permissions – The Android system provides signature-based permissions enforcement, so that an application can expose functionality to another application that is signed with a specified certificate. By signing multiple applications with the same certificate and using signature-based permissions checks, your applications can share code and data in a secure manner.

rfsk2010 answered Nov 03 '22 00:11
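
The signature-based permission sharing described in the answer, shown as two manifest fragments for the question's packages. This is an added example, not part of the original post or the quoted documentation; the permission name, provider class and authority are hypothetical.

```xml
<!-- Constructed example: AndroidManifest.xml of com.pakname.pak1 (exposes data) -->
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.pakname.pak1">

    <!-- Hypothetical permission name. protectionLevel="signature" makes the
         system grant it only to apps signed with the same certificate as the
         app that declares it (here, the certificate in mykey.keystore). -->
    <permission
        android:name="com.pakname.pak1.permission.READ_SHARED"
        android:protectionLevel="signature" />

    <application>
        <!-- Hypothetical provider class and authority. The provider is
             exported, but reads require the signature permission above, so
             an app signed with any other key is refused. -->
        <provider
            android:name=".SharedDataProvider"
            android:authorities="com.pakname.pak1.shared"
            android:exported="true"
            android:readPermission="com.pakname.pak1.permission.READ_SHARED" />
    </application>
</manifest>

<!-- Constructed example: AndroidManifest.xml of com.pakname.pak2 (consumes data) -->
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.pakname.pak2">

    <!-- Granted at install time without a user prompt, but only because
         pak2 is signed with the same certificate as pak1. -->
    <uses-permission android:name="com.pakname.pak1.permission.READ_SHARED" />

    <application />
</manifest>
```

Because the grant depends only on the signing certificate, every app signed with mykey.keystore can request this permission, so the keystore protects the shared data of all of them.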