Attend XDA's Second Annual Developer Conference, XDA:DevCon 2014!
5,807,179 Members 41,219 Now Online
XDA Developers Android and Mobile Development Forum

[GUIDE] Signing and zipaligning your app

Tip us?
 
nikwen
Old
(Last edited by nikwen; 26th May 2013 at 11:52 AM.) Reason: Added instructions for Android Studio
#1  
nikwen's Avatar
Recognized Contributor - OP
Thanks Meter 1,330
Posts: 2,713
Join Date: Feb 2013
Info 2 [GUIDE] Signing and zipaligning your app

This is my tutorial on how to sign and zipalign apps for publishing:

If you run an app in Eclipse or Android Studio, it is signed with a standard debug certificate. This is perfect for testing. However, do never release an app signed with the standard debug certificate. Users will be able to install the app for just 365 days and people can easily decompile your apk.
Signing is an easy way of preventing this and to identify the developer. You will not be able to upload an apk signed with the Eclipse or Android Studio debug certificate to Google Play.
Signing means creating a keystore which is a container for your keys. Then you will create a key and sign your application with that.

You will also need to zipalign your app. This optimizes the apk in some ways.

These two things can be done using Eclipse and its export wizard or Android Studio. This will sign and zipalign your app:

Eclipse:

1) Develop your app.

2) Open the project in Eclipse and select Files -> Export.

4) Select "Android" -> "Export Android Application":



5) Choose the project you want to export:



6) Select "Create a new keystore". Enter the location of the keystore and the password and confirm it:




7) Enter the name for the key, a password for the key, your name and the validity (the period of time users will be able to install your app for):



8) Select the destination to which the apk should be exported:



9) Click finish.

10) You are done!


Android Studio:

1) Develop your app.

2) Open the project in Android Studio and select Build -> Generate Signed APK...

3) Enter the path of the keystore and hit Create new... :



4) Enter the password for the keystore, the name for the key, a password for the key, your name and the validity (the period of time users will be able to install your app for):



5) The form will be filled out automatically:



6) Select the destination to which the apk should be exported:



7) Click finish.



8) You are done!

Some tips:
  • Keep your keystore at a secure location and do not tell anybody else the passwords. If they knew the password, they would be able to decompile your apk and sign it with your certificate. Everybody would think that you are the developer. So keep your key secure.
  • Sign all of your apps with one certificate. It will be used to identify you. You will need it for some features like two applications sharing one Dalvik VM or a data directory.
  • Remember: You will not be able to change the certificate after releasing it through Google Play once.

Happy coding!

This was featured on the XDA portal on April 28, 2013.
The Following 41 Users Say Thank You to nikwen For This Useful Post: [ Click to Expand ]
 
6mg
Old
#2  
Member
Thanks Meter 0
Posts: 58
Join Date: Mar 2013
Thanks!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Cool
 
nikwen
Old
#3  
nikwen's Avatar
Recognized Contributor - OP
Thanks Meter 1,330
Posts: 2,713
Join Date: Feb 2013
Quote:
Originally Posted by 6mg View Post
Thanks!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Cool
You are welcome.
The Following 2 Users Say Thank You to nikwen For This Useful Post: [ Click to Expand ]
 
Psykic
Old
#4  
Psykic's Avatar
Senior Member
Thanks Meter 137
Posts: 713
Join Date: Jul 2012
nice man i was luking for a guide lyk this....
im a beginner
cud u tell me more about keystore ...lyk how to male or get one ??

Sent from my GT-S5360 using xda app-developers app
 
bassie1995
Old
#5  
bassie1995's Avatar
Senior Member
Thanks Meter 410
Posts: 2,443
Join Date: Jan 2011
Location: Delft

 
DONATE TO ME
Quote:
Originally Posted by anubhavrev View Post
nice man i was luking for a guide lyk this....
im a beginner
cud u tell me more about keystore ...lyk how to male or get one ??

Sent from my GT-S5360 using xda app-developers app
What? This is a guide about making one, what else would you want? Also: it needs to stay secure, what's the point in mailing one?
The Following 2 Users Say Thank You to bassie1995 For This Useful Post: [ Click to Expand ]
 
frenzyboi
Old
#6  
frenzyboi's Avatar
Senior Member
Thanks Meter 737
Posts: 819
Join Date: May 2012
Where is the zipaligning part?
 
Psykic
Old
#7  
Psykic's Avatar
Senior Member
Thanks Meter 137
Posts: 713
Join Date: Jul 2012
Quote:
Originally Posted by bassie1995 View Post
What? This is a guide about making one, what else would you want? Also: it needs to stay secure, what's the point in mailing one?
okay got it...

newbie to apps ....
 
bassie1995
Old
#8  
bassie1995's Avatar
Senior Member
Thanks Meter 410
Posts: 2,443
Join Date: Jan 2011
Location: Delft

 
DONATE TO ME
Quote:
Originally Posted by frenzyboi View Post
Where is the zipaligning part?
I think that's included when you export it.
Never had to do it myself, nor have I heard of having to do so.


Quote:
Originally Posted by anubhavrev View Post
okay got it...

newbie to apps ....
No problems, glad to help and have fun making apps .

Sent from my GT-I9300 using Tapatalk 2
The Following User Says Thank You to bassie1995 For This Useful Post: [ Click to Expand ]
 
nikwen
Old
#9  
nikwen's Avatar
Recognized Contributor - OP
Thanks Meter 1,330
Posts: 2,713
Join Date: Feb 2013
Quote:
Originally Posted by bassie1995 View Post
What? This is a guide about making one, what else would you want? Also: it needs to stay secure, what's the point in mailing one?
If someone else has your key and the password, he will be able to sign his apps with your key. Everyone will think that it is your app. If there is malicious code, you will be responsible for it unless you can prove that it is not created by you.
If someone has just the password, he will be able to decompile your apps.

And for mailing: It is a security risk because somebody could hack your or the other one's account.

So keep your keys and passwords secure.

Btw, thank you for helping the others when I was not at home.
The Following User Says Thank You to nikwen For This Useful Post: [ Click to Expand ]
 
nikwen
Old
#10  
nikwen's Avatar
Recognized Contributor - OP
Thanks Meter 1,330
Posts: 2,713
Join Date: Feb 2013
Quote:
Originally Posted by frenzyboi View Post
Where is the zipaligning part?
Yes, it is included. I will update the guide.

The Following User Says Thank You to nikwen For This Useful Post: [ Click to Expand ]
Tags
apk, google play, publish, sign, zipalign
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes