Android Application Claim Summary _android

Recently, a company's products submitted to the domestic market, found that some domestic market prompts need to apply for the claim. The reason is that others (or market crawlers) have already submitted the application to the market before us. After the successful claim, the application will return to your embrace, in fact, the claim is very simple, the nature of this is the signature of unsigned packages. Because this kind of operation is small and trivial, so more need to record, lest later trouble.

How to claim

1. The general is the market to provide an unsigned APK package, the Claimant party signed, upload can be claimed successfully.
2. The other is the provision of corporate certification, which we do not speak, there is nothing to talk about.

In general, the claim will have an unsigned APK package signature authentication This way, because the signature is unique to the software publisher, by comparing the test to claim the signature of the package and just signed the APK package is consistent, if the unanimous claim success, or failure.

Signing unsigned packages

Copy Code code as follows:

Jarsigner-verbose-sigalg sha1withrsa-digestalg sha1-keystore your_keystore-storepass your_storepass-keypass Your_ke Ypass-signedjar path_of_signed_apk path_of_unsigned_apk Your_alias

Value that needs to be replaced

1.your_key_store KeyStore File path
2.your_storepass Store Password
3.your_keypass Key Password
APK saved directory after 4.path_of_signed_apk signature
5.PATH_OF_UNSIGNED_APK APK package to be signed
Aliases in the 6.your_alias KeyStore

Note that the above signature algorithm sigalg use Sha1withrsa or Md5withrsa can be.

Verifying signatures

Copy Code code as follows:

Jarsigner-verify-certs-verbose your_app.apk

For example, we verify the apk of Baidu Finance, will get similar results

Copy Code code as follows:

19:23 $ jarsigner-verify-certs-verbose baidufinance.apk | More

s 61679 Fri Nov 19:50:16 CST 2014 meta-inf/manifest. Mf

X.509, Cn=baidu, Ou=baidu Inc., O=baidu Inc., L=beijing, St=beijing, C=CN
[Certificate is valid from 12/6/13 10:19 am to 11/24/63 10:19 AM]
[Certpath not Validated:path does is not chain with the ' the Trust anchors]

61800 Fri Nov 19:50:16 CST 2014 meta-inf/mco_baid. SF
936 Fri Nov 19:50:16 CST 2014 meta-inf/mco_baid. Rsa
SM 2304 Fri Nov 19:49:32 CST 2014 Assets/mean/data_mean_24_bank_card

Difficult issues

Copy Code code as follows:

No-tsa Or-tsacert are provided and this jar are not timestamped

Add the following option at the time of signing

Copy Code code as follows:

Jarsigner-tsa http://timestamp.digicert.com

Windows cannot open files

Some Windows tools cannot open the APK after the signature, and if your signature is correct and verified, ignore it.

Signature claim failed

If the signature claim fails, please check that the current line of the package has been two times packaged by someone else tampered with the signature, if so, the need for business communication to solve.