Analysis: Android APK file before online encryption and signature experience sharing

Source: Internet
Author: User

First Step encryption:
1. The meaning of encryption

If the software is not encrypted it is easy to be anti-compilation caused by the source code leaks, to find out the address of the server and indirectly received attacks, such as a series of problems.
2. Methods of encryption
can use Love encrypted URL: http://www.ijiami.cn/ apk encryption, which is provided by the third party safe and reliable! , details can be consulted: http://jingyan.baidu.com/album/925f8cb8151347c0dde0563d.html second Signature of second part:

1. The meaning of the signature

In order to guarantee the legal ID of each application developer, to prevent some of the open vendors from possibly confusing the installed program by using the same package name, we need to uniquely sign our released APK file to ensure consistency for each release we publish ( such as Automatic Updates will not be installed because of inconsistent versions).

2. Procedure for signing

A. Creating a key

B. Sign the APK using the key generated in step a

3. Specific operation

  Method One: Sign the APK at the command line (principle)

To create the key, you need to use the Keytool.exe (located in the Jdk1.6.0_24jrebin directory), using the resulting key to the APK signature is Jarsigner.exe (located in the Jdk1.6.0_24bin directory), After adding the directory where the two software is located to the environment variable path, open the cmd input

D:>keytool-genkey-alias Demo.keystore-keyalg rsa-validity 40000
-keystore Demo.keystore D:>jarsigner-verbose-keystore Demo.keystore-signedjar demo_signed.apk
demo.apk Demo.keystore

Note: The demo.apk in the bin directory of the Android project is signed by default with the debug user, so you cannot use the above procedure to sign the file again. The correct step should be: In the project right click->anroid tools-export Unsigned Application package exported APK takes the above steps to sign.

  method Two: Use Eclipse to export the signed apk Eclipse can directly export the final apk with signature, which is very convenient, recommended, step

As follows:

First step: Export.

The second step: Create the KeyStore keystore, enter the KeyStore export location and password, remember the password, the next use existing KeyStore will be used.

Step three: Fill in the KeyStore information, fill in some apk file password, use the term and organizational unit information.

Fourth step: Generate a signed apk file, and this is the end.

Fifth step: If the next release, use the previously generated keystore to sign again.

Sixth step: Next, Next, then OK!

Method Three: Use IntelliJ idea to export a signed APK

The method steps are basically the same as eclipse, and the approximate action path is: Menu Tools->andrdoid->export signed apk.

4. After signing, use Zipalign (compression alignment) to optimize your apk file.
Unsigned apk cannot be used, nor can it be optimized. After signing the APK Google recommends using the Zipalign.exe (located in the Android-sdk-windows ools directory) tool to optimize it:

D:>zipalign-v 4 demo_signed.apk final.apk

As above, Zipalign enables the uncompressed data in the APK file to be aligned on a 4-byte boundary (4 bytes is a well-performing value) so that the Android system can read the file using the Mmap () function (see the purpose of the function itself) to get higher performance on read resources , ps:1. Alignment on a 4-byte boundary means, generally speaking, the result of a compiler's 4 bytes being read as a unit, so that the CPU can efficiently and quickly access the variable (compared to the previous misalignment).

2. The root cause of alignment: The Davlik virtual machine in the Android system uses its own proprietary format DEX,DEX structure is compact, in order to make the performance of the runtime better, can further use "alignment" further optimization, but the size will generally increase.

5. The impact of the signature on your app.

You can not only do an app, you may have a grand strategic project, want to in life, services, games, systems in all areas want to get into the words, you can not only do an app, Google recommends that you put all your apps use the same signing certificate.

With your own signature certificate, no one can overwrite your application, even if the package name is the same, so the impact is:

  1) app upgrade . Upgrade software with the same signature can gracefully overwrite the old version of the software, or the system will find that the new version of the signing certificate and the old version of the signing certificate is inconsistent, does not allow the new version to be installed successfully.

  2) App modularity . The Android system allows the same app to run in the same process, and if it's running in the same process, they're equivalent to the same app, but you can update them individually, which is an app-level modular mindset.

  3) Allow code and data sharing . A signature-based permission tag is available in Android. With the allowed settings, we can implement access and sharing between different apps as follows:

[HTML]View Plaincopyprint?
    1. Androidmanifest.xml:<</span>permission android:protectionlevel= "Normal"/>

Where the ProtectionLevel tag has 4 values: normal (default), dangerous, Signature,signatureorsystem. In simple terms, normal is a low-risk, and all apps cannot access and share the app. Dangerous is a high-risk, all apps can access and share this app. Signature refers to apps with the same signature that can access and share the app. Signatureorsystem means that the app in the system image and the app with the same signature can access and share the app, and Google recommends not to use this option, because the signature is sufficient, and generally this license is used in the case of an image that needs to share some specific functionality.

Analysis: Android APK file before online encryption and signature experience sharing

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.