Sign your app

Certificates and keystores

To help Android ensure that any future updates to your app are authentic and come from the original author, it needs a way to identify the author. Android uses public/private key pairs for this.

A public-key certificate, also known as a digital certificate or an identity certificate, contains a public key. The public-key certificate serves as a "fingerprint" that uniquely associates the APK or app bundle with you and your corresponding private key.

A keystore is a binary file that contains one or more private keys.

Sign your debug build

Android Studio automatically signs your app with a debug certificate generated by the Android SDK tools in $HOME/.android/debug.keystore.

Expiry of the debug certificate

When the certificate expires, you will get a build error.

To fix this problem, simply delete debug.keystore; it is regenerated on the next build.

Manage your key

  • Manage your own key and keystore.
  • Use App Signing by Google Play.

Manage your own key and keystore

You are responsible for securing the key and the keystore.

  • A key (the app signing key) is a private key.
  • A keystore is a binary file that contains keys.

If you lose access to your key or the key is compromised, Google cannot retrieve the app signing key for you.

Use App Signing by Google Play

  1. You export and encrypt your app signing key using the tool provided by Google Play, and then upload it to Google.
  2. Then you create a separate upload key and register it with Google.
  3. When you are ready to publish, you sign your app using the upload key and upload it to Google Play.
  4. Google Play verifies your identity and signs your APK(s) with your app signing key for distribution.

If you lose your upload key, you can revoke the old upload key and generate a new one.

Generate a key and keystore

You can generate one using Android Studio: Build > Generate Signed Bundle / APK

Configure build.gradle

android {
    signingConfigs {
        release {
            // project.KEYSTORE_* are Gradle project properties, supplied from
            // gradle.properties or on the command line with -PKEYSTORE_...=...
            // Keep them out of version control: they unlock the release key.
            storeFile file(project.KEYSTORE_STORE_FILE)
            storePassword project.KEYSTORE_STORE_PASSWORD
            keyAlias project.KEYSTORE_KEY_ALIAS
            keyPassword project.KEYSTORE_KEY_PASSWORD
        }
    }
    buildTypes {
        release {
            ...
            signingConfig signingConfigs.release
        }
    }
}
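As an added example (not code from the original page), the same release signing configuration can read its secrets from a keystore.properties file that is excluded from version control, and fail early when that file is missing instead of producing an unsigned release. The file name, the property keys and the task name check are assumptions.

```groovy
// Added example, not from the original page.
// keystore.properties (constructed sample; add it to .gitignore):
//   storeFile=../keys/my-release-key.jks
//   storePassword=<store password>
//   keyAlias=my-alias
//   keyPassword=<key password>
def keystorePropertiesFile = rootProject.file("keystore.properties")  // assumed file name
def keystoreProperties = new Properties()

if (keystorePropertiesFile.exists()) {
    // Secrets are read at configuration time and never written into build.gradle.
    keystorePropertiesFile.withInputStream { keystoreProperties.load(it) }
}

android {
    signingConfigs {
        release {
            if (keystorePropertiesFile.exists()) {
                // storeFile is resolved relative to the root project directory.
                storeFile rootProject.file(keystoreProperties['storeFile'])
                storePassword keystoreProperties['storePassword']
                keyAlias keystoreProperties['keyAlias']
                keyPassword keystoreProperties['keyPassword']
            }
        }
    }
    buildTypes {
        release {
            signingConfig signingConfigs.release
        }
    }
}

// Fail fast: a release build without the keystore file must not succeed
// silently, since it would either be unsigned or signed with the wrong key.
tasks.whenTaskAdded { task ->
    if (task.name == "assembleRelease" && !keystorePropertiesFile.exists()) {
        task.doFirst {
            throw new GradleException("keystore.properties is missing; refusing to build an unsigned release")
        }
    }
}
```

Run with `./gradlew assembleRelease`; the release key and its passwords exist only on the build machine, in keystore.properties, never in the repository.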

Sign your app from the command line

keytool -genkey -v -keystore my-release-key.jks -keyalg RSA -keysize 2048 -validity 10000 -alias my-alias
