How to sign Android apk

The Android project is uniquely identified with its package name, and if two identical apps are installed on the same device, the apps installed later will overwrite the ones installed earlier. To prevent this from happening, we need to sign the app that was released as a product.

The signature actually has two functions:

(1) Determine the identity of the publisher. Prevent others from replacing your installed programs with the same package name.

(2) Ensure the integrity of the application. The signature processes each file in the app package to ensure that the files in the package are not replaced.

During the development and commissioning phase of the app, the ADT plugin or ant tool for Eclipse automatically generates a debug certificate to sign the Android app. However, if you want to formally publish an Android app, you must use the appropriate digital certificate to sign the application, and you cannot publish it using the ADT plugin or the debug certificate generated by the Ant tool.

There are two different ways to sign Android apps:

1. Sign the Android app in Eclipse

(1) Right click on Android project, Android Tools-->export signed application package ...

(2) If the system does not have a digital certificate, you can select "Create new KeyStore" to fill in the format of the digital certificate storage path and password.

(3) Fill out the details of the digital certificate.

(4) Specify the storage path of the APK installation package after the signature is generated.

Once the signing certificate is finished, you can sign it directly with the digital certificate.

(1) Select the previously created KeyStore and enter the specified password when creating KeyStore.

(2) Select the key of the alias Yq created earlier and enter the password specified when the key was created to generate the signed APK package.

2. Use the command to sign the APK package

In some cases, we may need to sign an "unsigned" APK package, and the Android app can be manually signed by "command".

(1) Create a KeyStore library. The Keytool.exe is provided under the bin subdirectory of the JDK's installation directory to generate a digital certificate.

In the Command window, enter:

Keytool-genkeypair-alias yqkey.keystore-keyalg rsa-validity 100-keystore yqkey.keystore

Description

-genkeypair: Specifies that a digital certificate is generated.

-alias: Specifies the alias that generates the digital certificate.

-KEYALG: Specifies the algorithm that generates the digital certificate. Use the RSA algorithm.

-validity: Specifies the validity period of the generated digital certificate.

-keystore: Specifies the storage path of the generated digital certificate.

After the carriage return, the next step is to let us enter the details of the digital certificate KeyStore's password, author, company, etc. interactively.

This step can only be done once, and once the digital certificate has been created successfully, the certificate may be reused as long as it is within the validity period of the certificate.

(2) Generate an unsigned APK installation package. Right click on Android project in Eclipse, Android tools-->export Unsigned application Package ...

(3) Use the Jarsigner command to sign the unsigned APK installation package. The Jarsigner.exe tool is signed under the Bin subdirectory under the installation directory of the JDK. In the Command window, enter:

Jarsigner-verbose-keystore Crazyit.keystore-signedjar demo_yqkey.apk demo.apk yqkey.keystore

Description

-verbose: Specifies that verbose output is generated.

-keystore: Specifies the storage path for the digital certificate.

-signedjar: Three parameters for this option are separately signed APK package, unsigned APK package, digital certificate alias.

After the carriage return, the next step is to let us enter the password for the digital certificate KeyStore in an interactive way.

(4) Use the Zipalign.exe tool to optimize the APK installation package. Zipalign.exe is an android-brought file grooming tool that can be used to optimize the APK installation package, which improves the efficiency of the interaction between Android apps and the system, and increases the speed of application operation. In the Command Line window, enter:

Zipalign-f-V 4 demo_yqkey.apk

demo_yqkey_zip.apk

Description

-F: Specifies that an existing file is forced to overwrite.

-V: Specifies that verbose output is generated.

4: Specifies the number of bytes that the archive is based on, usually specified as 4, which is the collation based on 32 bits.

DEMO_YQKEY.APK and demo_yqkey_zip.apk, respectively, set up the pre-finishing apk and after finishing the generated apk.

The generated demo_yqkey_zip.apk file is a signed and optimized APK installation package that can be released externally.

How to sign Android apk