IdeasVacuum
 
Posts: 136
Joined: Tue Feb 25, 2014 1:27 pm

How do we sign an Android App created with SB?

by IdeasVacuum Fri Jun 09, 2017 2:00 pm

Reading this: Sign Your App Android Studio I am a bit surprised - it seems you do not have to buy a certificate from a 3rd party as you would for Windows applications.

However, since we are not using Android Studio to build our apps, how do we sign them?
Peter
 
Posts: 596
Joined: Mon Feb 24, 2014 10:17 pm
Location: 127.0.0.1

Re: How do we sign an Android App created with SB?

by Peter Fri Jun 09, 2017 2:12 pm

IdeasVacuum
 
Posts: 136
Joined: Tue Feb 25, 2014 1:27 pm

Re: How do we sign an Android App created with SB?

by IdeasVacuum Fri Jun 09, 2017 2:45 pm

Thanks, Peter. No relation to a javascript expert of the same name perchance?
tj1010
 
Posts: 186
Joined: Wed May 27, 2015 1:36 pm

Re: How do we sign an Android App created with SB?

by tj1010 Sat Jun 10, 2017 5:40 am

Google applies other signing later after the apk passes Play Protect scanning. You just do your own signature locally with JDK as a form of identifier.

Apple is the only one charging for signing and store publishing, which is especially annoying considering it takes 400 USD or euro designer x86 hardware to use Xcode.
IdeasVacuum
 
Posts: 136
Joined: Tue Feb 25, 2014 1:27 pm

Re: How do we sign an Android App created with SB?

by IdeasVacuum Sat Jun 10, 2017 9:54 am

Hi tj1010

I think it is preferable to manage the keys oneself:

Shame though that there is no choice but to make the app available via the Google store.
1) I like to QA sans debug before release;
2) I have my own store that customers know and trust - it's preferable to send them there where my other apps might prove interesting at the same time - in the Google store, a competitor app might catch their eye instead.
tj1010
 
Posts: 186
Joined: Wed May 27, 2015 1:36 pm

Re: How do we sign an Android App created with SB?

by tj1010 Sat Jun 10, 2017 12:23 pm

I thought Google signed on the back-end but they don't. There is just the opt-in Play Store key, and in 7.0+ the v2 signing scheme that uses block-hashing instead of whole-hashing. It still goes through Play Protect A.I. though before getting listed.

You can disable trusted apps on all versions of Android, but signing is at least half of their security model; the other half being containers and service API. I can disable it and transfer unsigned APK from SB over HTTP, BT, FTP, Mass Storage USB etc.

EDIT: I wrote a GUI for keytool a while back. I never did the JSON-based parameter so there is still some manual process to it. viewtopic.php?f=9&t=883&start=10#p3414
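
Added example, not part of any post in this thread: a small Python check of which signature schemes an APK file carries, useful when APKs are distributed outside the Play Store as discussed above. It looks for v1 (JAR) signature files under META-INF/ and for a v2 entry in the APK Signing Block that sits just before the ZIP central directory. The function names are hypothetical and the sample file is constructed in memory with placeholder contents.

```python
import io, struct, zipfile
MAGIC = b"APK Sig Block 42"   # footer magic of the APK Signing Block
V2_ID = 0x7109871A            # ID of the v2 scheme entry inside that block

def find_eocd(data):
    # Simplification: assumes the ZIP comment does not itself contain this signature.
    pos = data.rfind(b"PK\x05\x06")
    if pos < 0 or pos + 22 > len(data):
        raise ValueError("no ZIP End of Central Directory record")
    return pos

def signing_block_ids(data):  # IDs found in the APK Signing Block, [] if no block
    cd = struct.unpack_from("<I", data, find_eocd(data) + 16)[0]
    if cd < 32 or data[cd - 16:cd] != MAGIC:
        return []
    size = struct.unpack_from("<Q", data, cd - 24)[0]
    start = cd - size - 8     # block = size, ID-value pairs, size again, magic
    if start < 0 or struct.unpack_from("<Q", data, start)[0] != size:
        raise ValueError("APK Signing Block size fields disagree")
    ids, pos, end = [], start + 8, cd - 24
    while pos + 12 <= end:
        pair_len = struct.unpack_from("<Q", data, pos)[0]
        if pair_len < 4 or pos + 8 + pair_len > end:
            raise ValueError("malformed ID-value pair")
        ids.append(struct.unpack_from("<I", data, pos + 8)[0])
        pos += 8 + pair_len
    return ids

def signing_schemes(data):
    names = zipfile.ZipFile(io.BytesIO(data)).namelist()
    v1 = any(n.upper().startswith("META-INF/") and
             n.upper().endswith((".RSA", ".DSA", ".EC")) for n in names)
    return [s for s, ok in (("v1", v1), ("v2", V2_ID in signing_block_ids(data))) if ok]

def build_sample(with_v2):
    # Constructed sample: a tiny in-memory ZIP with placeholder contents, not a real APK.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("classes.dex", b"")
        z.writestr("META-INF/CERT.RSA", b"placeholder")
    data = bytearray(buf.getvalue())
    if with_v2:
        eocd = find_eocd(data)
        cd = struct.unpack_from("<I", data, eocd + 16)[0]
        pair = struct.pack("<QI", 8, V2_ID) + b"\0" * 4   # dummy 4-byte value
        block = struct.pack("<Q", len(pair) + 24) + pair + struct.pack("<Q", len(pair) + 24) + MAGIC
        data[cd:cd] = block   # insert the block before the central directory
        struct.pack_into("<I", data, eocd + len(block) + 16, cd + len(block))
    return bytes(data)
```

This only reports which schemes are present; it does not verify any signature. Cryptographic verification is what `apksigner verify` from the Android SDK build tools does.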