Android Application Signature
The Android system requires that all programs be installed with digital signatures. If no digital signature is available, the system will not install and run this program, whether it is a simulator or a real mobile phone. Therefore, before running the debugging program on a device or simulator, you must set a digital signature for the application. The Android system only tests the validity period of the signature certificate during installation. If the application signature expires after installation, the application can still be enabled normally.
Android uses a digital signature to identify the author of an application and establish a trust relationship between the application. It is not used to determine whether users can install the application. The android signature is completed by the application author and does not need to be authenticated by an authoritative Digital Certificate Signing Authority. It is only used to authenticate the application package.
Default debug Key signatureWhen you use Eclipse for packaging and testing, ADT automatically uses the debug key to sign the application. The debug key is a file named debug. keystore, which is located on the computer:
/UserName/. Android/debug. keystore, where userName is the user name of the computer.The apk package under the bin directory of the project uses the debug key as the signature package, so theoretically this package cannot be used for online release.
Generate a key signatureThe entire process involves several tools:
The simplest method is to directly use the Eclipse function to complete this series of operations:
Right-click the project and choose Android Tools> Export signed Application package. Select the existing keystore signature and create a new keystore signature. There are several key information to remember:
Enter the correct keystore information to output a packaged apk package.
What should I do if I mistakenly use the application released by debug. keystore?That's right... I am talking about myself.
ProblemsDuring the first release, copy the apk package from the bin directory and release the package. In this way, the debug. keystore signature is used and the application is launched. I think this happens because I do not know much about the details of the Android Application signature.
After discovery, you want to use a self-generated "regular" keystore to update the application. Because the keystore is changed, the signature of the installation package changes. When you update an application, an error is reported during installation. During the installation process, the system detects that the program signature is inconsistent and considers the installation package to be risky (possibly tampered with). If the installation fails, uninstall the original application and reinstall it. This is a serious problem !!!
SolutionOne word, change it !!!
Find the debug. keystore file. In fact, you only need to save the. keystore file. In the future, it will be okay to use the default key for application signature and update. There is no problem at all. The default password is a bit insecure.
The default debug. keystore information is:
Alias: androiddebugkey
Storepass & keypass: andriod
You only need to use keytool to change alias, storepass, and keypass of debug. keystore to the value we want.
Modify alias:
keytool -changealias -alias your-very-very-long-alias -destalias new-alias -keypass keypass -keystore /path/to/keystore -storepass storepassModify storepass:
keytool -storepasswd -keystore /path/to/keystoreEnter keystore password: changeitNew keystore password: new-passwordRe-enter new keystore password: new-passwordStart building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
