Signing of Android packages

Signing of Android packages is required for the package to be installed by the Android Package Manager.

Android packages are enhanced Java .jar files with an .apk extension. They are ZIP compressed archives with a META-INF directory containing various signature files. These files are generated by a program called "jarsigner".
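The META-INF layout described above can be inspected with nothing more than a ZIP reader. The following Python example is added here and is not part of the original page: it lists the jarsigner-style signature files in an archive and checks each file against the SHA-256 digest recorded for it in META-INF/MANIFEST.MF. It assumes the conventional file names MANIFEST.MF, CERT.SF and CERT.RSA, uses a constructed sample archive with placeholder signature files, and does not validate the signature block or the signing certificate.

```python
import base64, hashlib, io, zipfile

SIG_SUFFIXES = (".MF", ".SF", ".RSA", ".DSA", ".EC")

def sha256_b64(data):
    return base64.b64encode(hashlib.sha256(data).digest()).decode()

def build_sample(signed, shipped=None):
    """Constructed JAR-style archive for the demo (not a real, signed APK).
    Manifest digests cover `signed`; file contents come from `shipped`."""
    shipped = signed if shipped is None else shipped
    manifest = "Manifest-Version: 1.0\r\n\r\n"
    for name, data in signed.items():
        manifest += f"Name: {name}\r\nSHA-256-Digest: {sha256_b64(data)}\r\n\r\n"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        for name, data in shipped.items():
            z.writestr(name, data)
        z.writestr("META-INF/MANIFEST.MF", manifest)
        z.writestr("META-INF/CERT.SF", "Signature-Version: 1.0\r\n")  # placeholder
        z.writestr("META-INF/CERT.RSA", b"placeholder, not a PKCS#7 block")
    return buf.getvalue()

def signature_files(apk):
    """Names of the signature-related files under META-INF/."""
    with zipfile.ZipFile(io.BytesIO(apk)) as z:
        return sorted(n for n in z.namelist()
                      if n.startswith("META-INF/") and n.upper().endswith(SIG_SUFFIXES))

def parse_manifest(text):
    # Unfold continuation lines: a leading space continues the previous line.
    text = text.replace("\r\n", "\n").replace("\n ", "")
    entries = {}
    for section in text.split("\n\n"):
        attrs = dict(l.split(": ", 1) for l in section.split("\n") if ": " in l)
        if "Name" in attrs:
            entries[attrs["Name"]] = attrs
    return entries

def mismatched_entries(apk):
    """Files that are absent from the manifest or whose digest disagrees with it."""
    with zipfile.ZipFile(io.BytesIO(apk)) as z:
        entries = parse_manifest(z.read("META-INF/MANIFEST.MF").decode("utf-8"))
        return sorted(n for n in z.namelist()
                      if not n.startswith("META-INF/") and not n.endswith("/")
                      and entries.get(n, {}).get("SHA-256-Digest") != sha256_b64(z.read(n)))

if __name__ == "__main__":
    files = {"classes.dex": b"dex-bytes", "res/raw/a.txt": b"hello"}  # constructed
    print(signature_files(build_sample(files)))
    print(mismatched_entries(build_sample(files, {**files, "classes.dex": b"changed"})))
```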

Signing a package

Normally there are only two choices for signing a package:

  • Sign with the standard Android debug signature
  • Sign with your own personally generated signature

Updating a package

When updating a package, the signature on the update must be the same as the signature on the original. If this is not the case, you must uninstall the original, then install the update.

System packages

System packages use "sharedUserId". They all operate as the same Linux user. The Package Manager requires that all of these packages be signed with the same signature. This means that if you want to modify a system package, you must re-sign all the system packages and the framework with your own signature.

