Android packaging Signature

I have been familiar with android development for some time. I have some knowledge about packaging signatures, but they are all superficial and not in-depth at all. Today, I checked the relevant content based on the information on the Internet and my own practices, and dispelled some of my questions. By the way, I would like to make a summary.

I. Benefits of packaging signatures

1) applications without signatures cannot be installed on simulators or real machines.

2) applications without signatures or only debug signatures cannot be sold on the Android Market.

3) The signature is the developer's identity, which can prevent the occurrence of transaction credit.

4) Prevent the developer or individual from obfuscation and replacement of installed programs to ensure that different packages with different signatures are not replaced.

5) ensure seamless and continuous upgrade of applications. Applications with different signatures cannot be upgraded.

6) facilitates modular development and deployment of applications and data sharing between applications.

Ii. Types and differences of packaging Modes

There are two packaging signature modes: debug and release.

1) use the "run" button on Eclipse to directly start the program on the mobile phone or simulator, using the debug signature automatically generated by the system. Choose Window> Preferences> Android> Build to view the location of the signature file, as shown in. Although it can be changed, I personally feel that it does not make any sense, just debugging the program.

Note:If the signature expires, you cannot generate the apk file. In this case, you only need to delete the debug keystore and the system will generate a new signature valid for one year.

2) Right-click the project-> android tools-> Export signed Application package. The package is in the release Signature mode and will be signed using our own key file.

3) applications signed in Debug mode cannot be sold on the Android Market. It forces you to use your own signature;

4) The signature certificate in Debug mode, since the day it was created,It will expire in 1 year.

5) The signature files in Debug mode may be generated on different machines. If you upgrade the apk version on another machineThe program cannot overwrite the installationProblem!

Iii. signing other content that you need to know

1) the digital certificate used by the Android package can be self-Signed and does not require signature authentication by an authoritative Digital Certificate Authority.

2) digital certificates all haveValidity PeriodAndroid only checks the validity period of the certificate when the application is installed. If the program has been installed in the system, the normal functions of the program will not be affected even if the certificate expires.

Iv. release mode signature method

There are multiple methods to sign the release mode. The two most common methods are Eclipse + ADT and command line.

1) Eclipse + ADT

This is the simplest and most commonly used method. The procedure is as follows:

A: Project-> cancel Build Automatically

B: Project-> Clean

C: Project-> Build

D: Right-click the project and choose android tools> Export signed Application package.

You can use Create new keystore for the first operation, and then use User existing keystore for signature. Follow the instructions to perform step-by-step operations, and you can easily package the signature.

Note: Keep the generated signature files safe and avoid losing them. This ensures that application publishing can be reused to prevent seamless and continuous upgrade of applications.

2) Command Line Mode

I personally think this is not commonly used. If you want to know the packaging and Signature Details, or if you want to publish an unsigned APK file, you can use this method.

You can right-click the project-> android tools-> Export Unsigned Application package to get an Unsigned program, and then use the standard java tool.Keytool and jarsignerTo generate a certificate and sign the program.

There are many tutorials on keytool and jarsigner commands on the network. You can search for them to learn how to use them.