Android program packaging and signature

Why is the signature required ???

So many people develop Android, it is entirely possible that everyone will put the class name and package name into the same name. How can we distinguish this time? Signatures are differentiated at this time.

Because developers may use the same package name to confuse and replace the installedProgramThe signature can be named, but the packages with different signatures are not replaced.

If an APK uses a key signature, the file with the other key signature cannot be installed or overwrite the old version at the time of release, which can prevent your installed application from being overwritten or replaced by malicious third parties.

In this way, the signature is actually the developer's identity. When a transaction is rejected, the signature can prevent it from happening.

 

Signature considerations

• All Android applications must have digital signatures, and there are no applications without digital signatures, including those running on simulators. Android does not install applications without digital certificates.
• The signed digital certificate does not need to be authenticated by an authority. It is a digital certificate generated by the developer, that is, a self-signed certificate.
• When officially releasing an Android Application, you must use a digital certificate generated by the appropriate private key to sign the program. You cannot use the debugging certificate generated by the ADT plug-in or ant tool to publish the application.
• Digital Certificates are valid. Android only checks the validity period of the certificate when the application is installed. If the program has been installed in the system, the normal functions of the program will not be affected even if the certificate expires.

Signature Method

1: Open eclipse-> select the project you want to sign-> right-click-> Android tools-> export signed application package. The following window is displayed:

2: select the project you want to sign and next,

Because this is the first signature and there is no signature certificate, create new keystore first, and then you don't have to create it. Select an existing certificate directly.

Select the location where the certificate is saved, enter the password, and next,

3:

Enter the visa information, including the alias, password, validity period, name, organization, organization name, city, province, and country, and finish.

4: In the last pop-up window, select the location where you want to save the APK package.

After you click Finish, your android installation package will be generated in a moment.