If you run an app in Eclipse or Android Studio, it is signed with a standard debug certificate. This is perfect for testing. However, do never release an app signed with the standard debug certificate. Users will be able to install the app for just 365 days and people can easily decompile your apk.
Signing is an easy way of preventing this and to identify the developer. You will not be able to upload an apk signed with the Eclipse or Android Studio debug certificate to Google Play.
Signing means creating a keystore which is a container for your keys. Then you will create a key and sign your application with that.
You will also need to zipalign your app. This optimizes the apk in some ways.
These two things can be done using Eclipse and its export wizard or Android Studio. This will sign and zipalign your app:
1) Develop your app.
2) Open the project in Eclipse and select Files -> Export.
4) Select "Android" -> "Export Android Application":
5) Choose the project you want to export:
6) Select "Create a new keystore". Enter the location of the keystore and the password and confirm it:
7) Enter the name for the key, a password for the key, your name and the validity (the period of time users will be able to install your app for):
8) Select the destination to which the apk should be exported:
9) Click finish.
10) You are done!
1) Develop your app.
2) Open the project in Android Studio and select Build -> Generate Signed APK...
3) Enter the path of the keystore and hit Create new... :
4) Enter the password for the keystore, the name for the key, a password for the key, your name and the validity (the period of time users will be able to install your app for):
5) The form will be filled out automatically:
6) Select the destination to which the apk should be exported:
7) Click finish.
8) You are done!
- Keep your keystore at a secure location and do not tell anybody else the passwords. If they knew the password, they would be able to decompile your apk and sign it with your certificate. Everybody would think that you are the developer. So keep your key secure.
- Sign all of your apps with one certificate. It will be used to identify you. You will need it for some features like two applications sharing one Dalvik VM or a data directory.
- Remember: You will not be able to change the certificate after releasing it through Google Play once.
This was featured on the XDA portal on April 28, 2013.