[GUIDE] Signing and zipaligning your app

Search This thread

nikwen

Senior Member
Feb 1, 2013
3,142
1,597
Berlin, Germany
www.nikwen.de
This is my tutorial on how to sign and zipalign apps for publishing:

If you run an app in Eclipse or Android Studio, it is signed with a standard debug certificate. This is perfect for testing. However, do never release an app signed with the standard debug certificate. Users will be able to install the app for just 365 days and people can easily decompile your apk.
Signing is an easy way of preventing this and to identify the developer. You will not be able to upload an apk signed with the Eclipse or Android Studio debug certificate to Google Play.
Signing means creating a keystore which is a container for your keys. Then you will create a key and sign your application with that.

You will also need to zipalign your app. This optimizes the apk in some ways.

These two things can be done using Eclipse and its export wizard or Android Studio. This will sign and zipalign your app:

Eclipse:

1) Develop your app. ;)

2) Open the project in Eclipse and select Files -> Export.

4) Select "Android" -> "Export Android Application":

picture.php


5) Choose the project you want to export:

picture.php


6) Select "Create a new keystore". Enter the location of the keystore and the password and confirm it:


picture.php


7) Enter the name for the key, a password for the key, your name and the validity (the period of time users will be able to install your app for):

picture.php


8) Select the destination to which the apk should be exported:

picture.php


9) Click finish.

10) You are done! :good: :D


Android Studio:

1) Develop your app. ;)

2) Open the project in Android Studio and select Build -> Generate Signed APK...

3) Enter the path of the keystore and hit Create new... :

picture.php


4) Enter the password for the keystore, the name for the key, a password for the key, your name and the validity (the period of time users will be able to install your app for):

picture.php


5) The form will be filled out automatically:

picture.php


6) Select the destination to which the apk should be exported:

picture.php


7) Click finish.

picture.php


8) You are done! :good: :D

Some tips:

  • Keep your keystore at a secure location and do not tell anybody else the passwords. If they knew the password, they would be able to decompile your apk and sign it with your certificate. Everybody would think that you are the developer. So keep your key secure. ;)
  • Sign all of your apps with one certificate. It will be used to identify you. You will need it for some features like two applications sharing one Dalvik VM or a data directory.
  • Remember: You will not be able to change the certificate after releasing it through Google Play once.

Happy coding! ;)

This was featured on the XDA portal on April 28, 2013. :D
 
Last edited:
P

Psykic

Guest
nice man i was luking for a guide lyk this....
im a beginner
cud u tell me more about keystore ...lyk how to male or get one ??

Sent from my GT-S5360 using xda app-developers app
 

nikwen

Senior Member
Feb 1, 2013
3,142
1,597
Berlin, Germany
www.nikwen.de
What? This is a guide about making one, what else would you want? Also: it needs to stay secure, what's the point in mailing one?

If someone else has your key and the password, he will be able to sign his apps with your key. Everyone will think that it is your app. If there is malicious code, you will be responsible for it unless you can prove that it is not created by you.
If someone has just the password, he will be able to decompile your apps.

And for mailing: It is a security risk because somebody could hack your or the other one's account.

So keep your keys and passwords secure. ;)

Btw, thank you for helping the others when I was not at home. :good:
 
  • Like
Reactions: coolbud012

bassie1995

Senior Member
Jan 9, 2011
2,505
407
Delft
If someone else has your key and the password, he will be able to sign his apps with your key. Everyone will think that it is your app. If there is malicious code, you will be responsible for it unless you can prove that it is not created by you.
If someone has just the password, he will be able to decompile your apps.

And for mailing: It is a security risk because somebody could hack your or the other one's account.

So keep your keys and passwords secure. ;)

Btw, thank you for helping the others when I was not at home. :good:

So yeah, this :p.
 
P

Psykic

Guest
okay so its finally time for me to sign an app ...but when i export the project everything goes well until the keystore part.....what do i need to type into it.....
i need to create a new keystore ...but im asked for the path to the keystore.....

pretty confused .....
 

nikwen

Senior Member
Feb 1, 2013
3,142
1,597
Berlin, Germany
www.nikwen.de
okay so its finally time for me to sign an app ...but when i export the project everything goes well until the keystore part.....what do i need to type into it.....
i need to create a new keystore ...but im asked for the path to the keystore.....

pretty confused .....

Yeah, point 6 says:

6) Select "Create a new keystore". Enter the location of the keystore and the password and confirm it:

That means that it asks for the path where the keystore should be created.
Check my screenshot. ;)
 

njarun

Senior Member
Sep 27, 2011
162
46
35
Kottayam
Since some days i use android debug keystore to sign my app's test builds. And then i transfer it to my phone. But when i try to run it after installing Im getting contineous force closes! Any Idea? Want me to paste the logcat? Im sure that there is no mistake in program. because the app runs smoothly when installing from eclipse.
 

Top Liked Posts

  • There are no posts matching your filters.
  • 44
    This is my tutorial on how to sign and zipalign apps for publishing:

    If you run an app in Eclipse or Android Studio, it is signed with a standard debug certificate. This is perfect for testing. However, do never release an app signed with the standard debug certificate. Users will be able to install the app for just 365 days and people can easily decompile your apk.
    Signing is an easy way of preventing this and to identify the developer. You will not be able to upload an apk signed with the Eclipse or Android Studio debug certificate to Google Play.
    Signing means creating a keystore which is a container for your keys. Then you will create a key and sign your application with that.

    You will also need to zipalign your app. This optimizes the apk in some ways.

    These two things can be done using Eclipse and its export wizard or Android Studio. This will sign and zipalign your app:

    Eclipse:

    1) Develop your app. ;)

    2) Open the project in Eclipse and select Files -> Export.

    4) Select "Android" -> "Export Android Application":

    picture.php


    5) Choose the project you want to export:

    picture.php


    6) Select "Create a new keystore". Enter the location of the keystore and the password and confirm it:


    picture.php


    7) Enter the name for the key, a password for the key, your name and the validity (the period of time users will be able to install your app for):

    picture.php


    8) Select the destination to which the apk should be exported:

    picture.php


    9) Click finish.

    10) You are done! :good: :D


    Android Studio:

    1) Develop your app. ;)

    2) Open the project in Android Studio and select Build -> Generate Signed APK...

    3) Enter the path of the keystore and hit Create new... :

    picture.php


    4) Enter the password for the keystore, the name for the key, a password for the key, your name and the validity (the period of time users will be able to install your app for):

    picture.php


    5) The form will be filled out automatically:

    picture.php


    6) Select the destination to which the apk should be exported:

    picture.php


    7) Click finish.

    picture.php


    8) You are done! :good: :D

    Some tips:

    • Keep your keystore at a secure location and do not tell anybody else the passwords. If they knew the password, they would be able to decompile your apk and sign it with your certificate. Everybody would think that you are the developer. So keep your key secure. ;)
    • Sign all of your apps with one certificate. It will be used to identify you. You will need it for some features like two applications sharing one Dalvik VM or a data directory.
    • Remember: You will not be able to change the certificate after releasing it through Google Play once.

    Happy coding! ;)

    This was featured on the XDA portal on April 28, 2013. :D
    2
    Thanks!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Cool

    You are welcome. ;)
    2
    nice man i was luking for a guide lyk this....
    im a beginner
    cud u tell me more about keystore ...lyk how to male or get one ??

    Sent from my GT-S5360 using xda app-developers app

    What? This is a guide about making one, what else would you want? Also: it needs to stay secure, what's the point in mailing one?
    1
    Where is the zipaligning part?

    I think that's included when you export it.
    Never had to do it myself, nor have I heard of having to do so.


    okay got it...

    newbie to apps .... :D

    No problems, glad to help and have fun making apps :).

    Sent from my GT-I9300 using Tapatalk 2
    1
    What? This is a guide about making one, what else would you want? Also: it needs to stay secure, what's the point in mailing one?

    If someone else has your key and the password, he will be able to sign his apps with your key. Everyone will think that it is your app. If there is malicious code, you will be responsible for it unless you can prove that it is not created by you.
    If someone has just the password, he will be able to decompile your apps.

    And for mailing: It is a security risk because somebody could hack your or the other one's account.

    So keep your keys and passwords secure. ;)

    Btw, thank you for helping the others when I was not at home. :good: