Welcome to XDA

Search to go directly to your device's forum

Register an account

Unlock full posting privileges

Ask a question

No registration required
Post Reply

[GUIDE] Signing and zipaligning your app

OP nikwen

25th April 2013, 08:05 PM   |  #1  
nikwen's Avatar
OP Recognized Contributor
Thanks Meter: 1,409
 
2,813 posts
Join Date:Joined: Feb 2013
More
This is my tutorial on how to sign and zipalign apps for publishing:

If you run an app in Eclipse or Android Studio, it is signed with a standard debug certificate. This is perfect for testing. However, do never release an app signed with the standard debug certificate. Users will be able to install the app for just 365 days and people can easily decompile your apk.
Signing is an easy way of preventing this and to identify the developer. You will not be able to upload an apk signed with the Eclipse or Android Studio debug certificate to Google Play.
Signing means creating a keystore which is a container for your keys. Then you will create a key and sign your application with that.

You will also need to zipalign your app. This optimizes the apk in some ways.

These two things can be done using Eclipse and its export wizard or Android Studio. This will sign and zipalign your app:

Eclipse:

1) Develop your app.

2) Open the project in Eclipse and select Files -> Export.

4) Select "Android" -> "Export Android Application":



5) Choose the project you want to export:



6) Select "Create a new keystore". Enter the location of the keystore and the password and confirm it:




7) Enter the name for the key, a password for the key, your name and the validity (the period of time users will be able to install your app for):



8) Select the destination to which the apk should be exported:



9) Click finish.

10) You are done!


Android Studio:

1) Develop your app.

2) Open the project in Android Studio and select Build -> Generate Signed APK...

3) Enter the path of the keystore and hit Create new... :



4) Enter the password for the keystore, the name for the key, a password for the key, your name and the validity (the period of time users will be able to install your app for):



5) The form will be filled out automatically:



6) Select the destination to which the apk should be exported:



7) Click finish.



8) You are done!

Some tips:
  • Keep your keystore at a secure location and do not tell anybody else the passwords. If they knew the password, they would be able to decompile your apk and sign it with your certificate. Everybody would think that you are the developer. So keep your key secure.
  • Sign all of your apps with one certificate. It will be used to identify you. You will need it for some features like two applications sharing one Dalvik VM or a data directory.
  • Remember: You will not be able to change the certificate after releasing it through Google Play once.

Happy coding!

This was featured on the XDA portal on April 28, 2013.
Last edited by nikwen; 26th May 2013 at 12:52 PM. Reason: Added instructions for Android Studio
The Following 42 Users Say Thank You to nikwen For This Useful Post: [ View ]
25th April 2013, 09:29 PM   |  #2  
Member
Thanks Meter: 0
 
58 posts
Join Date:Joined: Mar 2013
Thanks!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Cool
25th April 2013, 09:32 PM   |  #3  
nikwen's Avatar
OP Recognized Contributor
Thanks Meter: 1,409
 
2,813 posts
Join Date:Joined: Feb 2013
More
Quote:
Originally Posted by 6mg

Thanks!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Cool

You are welcome.
The Following 2 Users Say Thank You to nikwen For This Useful Post: [ View ]
26th April 2013, 07:55 AM   |  #4  
Psykic's Avatar
Senior Member
Thanks Meter: 137
 
713 posts
Join Date:Joined: Jul 2012
nice man i was luking for a guide lyk this....
im a beginner
cud u tell me more about keystore ...lyk how to male or get one ??

Sent from my GT-S5360 using xda app-developers app
26th April 2013, 09:52 AM   |  #5  
bassie1995's Avatar
Senior Member
Flag Delft
Thanks Meter: 418
 
2,478 posts
Join Date:Joined: Jan 2011
Donate to Me
More
Quote:
Originally Posted by anubhavrev

nice man i was luking for a guide lyk this....
im a beginner
cud u tell me more about keystore ...lyk how to male or get one ??

Sent from my GT-S5360 using xda app-developers app

What? This is a guide about making one, what else would you want? Also: it needs to stay secure, what's the point in mailing one?
The Following 2 Users Say Thank You to bassie1995 For This Useful Post: [ View ]
26th April 2013, 11:57 AM   |  #6  
frenzyboi's Avatar
Senior Member
Thanks Meter: 738
 
823 posts
Join Date:Joined: May 2012
Where is the zipaligning part?
26th April 2013, 12:34 PM   |  #7  
Psykic's Avatar
Senior Member
Thanks Meter: 137
 
713 posts
Join Date:Joined: Jul 2012
Quote:
Originally Posted by bassie1995

What? This is a guide about making one, what else would you want? Also: it needs to stay secure, what's the point in mailing one?

okay got it...

newbie to apps ....
26th April 2013, 01:16 PM   |  #8  
bassie1995's Avatar
Senior Member
Flag Delft
Thanks Meter: 418
 
2,478 posts
Join Date:Joined: Jan 2011
Donate to Me
More
Quote:
Originally Posted by frenzyboi

Where is the zipaligning part?

I think that's included when you export it.
Never had to do it myself, nor have I heard of having to do so.


Quote:
Originally Posted by anubhavrev

okay got it...

newbie to apps ....

No problems, glad to help and have fun making apps .

Sent from my GT-I9300 using Tapatalk 2
The Following User Says Thank You to bassie1995 For This Useful Post: [ View ]
26th April 2013, 04:50 PM   |  #9  
nikwen's Avatar
OP Recognized Contributor
Thanks Meter: 1,409
 
2,813 posts
Join Date:Joined: Feb 2013
More
Quote:
Originally Posted by bassie1995

What? This is a guide about making one, what else would you want? Also: it needs to stay secure, what's the point in mailing one?

If someone else has your key and the password, he will be able to sign his apps with your key. Everyone will think that it is your app. If there is malicious code, you will be responsible for it unless you can prove that it is not created by you.
If someone has just the password, he will be able to decompile your apps.

And for mailing: It is a security risk because somebody could hack your or the other one's account.

So keep your keys and passwords secure.

Btw, thank you for helping the others when I was not at home.
The Following User Says Thank You to nikwen For This Useful Post: [ View ]
26th April 2013, 04:52 PM   |  #10  
nikwen's Avatar
OP Recognized Contributor
Thanks Meter: 1,409
 
2,813 posts
Join Date:Joined: Feb 2013
More
Quote:
Originally Posted by frenzyboi

Where is the zipaligning part?

Yes, it is included. I will update the guide.

The Following User Says Thank You to nikwen For This Useful Post: [ View ]
Post Reply Subscribe to Thread

Tags
apk, google play, publish, sign, zipalign
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes