This is my tutorial on how to sign and zipalign apps for publishing:
If you run an app in Eclipse or Android Studio, it is signed with a standard debug certificate. This is perfect for testing. However, do never release an app signed with the standard debug certificate. Users will be able to install the app for just 365 days and people can easily decompile your apk.
Signing is an easy way of preventing this and to identify the developer. You will not be able to upload an apk signed with the Eclipse or Android Studio debug certificate to Google Play.
Signing means creating a keystore which is a container for your keys. Then you will create a key and sign your application with that.
You will also need to zipalign your app. This optimizes the apk in some ways.
These two things can be done using Eclipse and its export wizard or Android Studio. This will sign and zipalign your app:
1) Develop your app.
2) Open the project in Eclipse and select Files -> Export.
6) Select "Create a new keystore". Enter the location of the keystore and the password and confirm it:
7) Enter the name for the key, a password for the key, your name and the validity (the period of time users will be able to install your app for):
8) Select the destination to which the apk should be exported:
9) Click finish.
10) You are done!
1) Develop your app.
2) Open the project in Android Studio and select Build -> Generate Signed APK...
3) Enter the path of the keystore and hit Create new... :
4) Enter the password for the keystore, the name for the key, a password for the key, your name and the validity (the period of time users will be able to install your app for):
5) The form will be filled out automatically:
6) Select the destination to which the apk should be exported:
7) Click finish.
8) You are done!
Keep your keystore at a secure location and do not tell anybody else the passwords. If they knew the password, they would be able to decompile your apk and sign it with your certificate. Everybody would think that you are the developer. So keep your key secure.
Sign all of your apps with one certificate. It will be used to identify you. You will need it for some features like two applications sharing one Dalvik VM or a data directory.
Remember: You will not be able to change the certificate after releasing it through Google Play once.
This was featured on the XDA portal on April 28, 2013.
What? This is a guide about making one, what else would you want? Also: it needs to stay secure, what's the point in mailing one?
If someone else has your key and the password, he will be able to sign his apps with your key. Everyone will think that it is your app. If there is malicious code, you will be responsible for it unless you can prove that it is not created by you.
If someone has just the password, he will be able to decompile your apps.
And for mailing: It is a security risk because somebody could hack your or the other one's account.
So keep your keys and passwords secure.
Btw, thank you for helping the others when I was not at home.
XDA Developers was founded by developers, for developers. It is now a valuable resource for people who want to make the most of their mobile devices, from customizing the look and feel to adding new functionality. Are you a developer?