Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

What does Android app signing means?

Tags:

android

signing

After developing android app, I have to sign it in order to publish it to Play store.

What does singing process actually do?

I thought it related to encryption, but I am able to uncompress the apk file without any need to my app's signing keys.

like image 652
malhobayyeb Avatar asked Feb 22 '15 19:02

malhobayyeb

2 Answers

Android requires that all apps be digitally signed with a certificate before they can be installed. Android uses this certificate to identify the author of an app, and the certificate does not need to be signed by a certificate authority. Android apps often use self-signed certificates. The app developer holds the certificate's private key.

The basics behind protecting your Android app is to use a generated certificate and digital “key” which provides a unique, encrypted, and reasonably un-hackable signature. This proves that the app came from you, not some other suspicious source.

On Android, this is done via a keystore. The keystore is a simple file with a really large block of encrypted data. This file can be stored anywhere on your computer, and this is generally the first problem that developers encounter. There are two types of keystores that you should be aware of: debug and release. Keystore files are also protected by a pair of passwords: one for the keystore file itself and another for each keystore/alias pair within the file. While these passwords should ideally be unique, most developers use the same password for both.

You can sign an app in debug or release mode. You sign your app in debug mode during development and in release mode when you are ready to distribute your app. The Android SDK generates a certificate to sign apps in debug mode. To sign apps in release mode, you need to generate your own certificate.

How to sign your apps in Android Studio

like image 80
Psypher Avatar answered Oct 23 '22 17:10

Psypher

Android requires that all apps be digitally signed with a certificate before they can be installed. Android uses this certificate to identify the author of an app, and the certificate does not need to be signed by a certificate authority. Android apps often use self-signed certificates. The app developer holds the certificate's private key.

Android Documentation: Signing Your Applications

like image 45
domi Avatar answered Oct 16 '22 22:10

domi
Sign in to Comment

Related questions

Android get sms from inbox, optimized way to read all messages and group them
Where should I put a shape drawable in my Android folders?
Loader delivers result to wrong fragment
Does Google Analytics for Mobile provide any offline data tracking for Android apps? [closed]
Why is an extra FrameLayout created for fragments?
Android, google maps fragment and viewpager - Error inflating class fragment
Javascript backbutton event listener overrides the android device back button
My service always getting Waited long enough for: ServiceRecord error in Kitkat
How do I use the intent action USER_PRESENT?
getActivity() call causes RuntimeException: Could not launch intent Intent act=android.intent.action.MAIN
Take a picture with camera and get bitmap [duplicate]
How to find the status of VPN connection through framework APIs or any other efficient method?
Cannot read property 'getPicture' of undefined - ionic camera
Cordova/Phonegap/Ionic App - local store of remote images
Custom TextView - setText() called before constructor
CSS style color uneffective on star character (★) on Samsung with Android 4.4 KitKat
Skip some fragments onBackPressed
Soft Navigation Bar Overlays App in Lollipop
StaggeredGridLayoutManager change spanCount dynamically RecyclerView
Play In-app Billing v3 - Should I save purchase tokens?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!