How to sign a release APK

e2robot
Posts: 38
Joined: Wed Mar 19, 2014 8:34 am

How to sign a release APK

Post by e2robot »

Not sure if anyone else has this strange issue.

Unless I include the debugger when creating the APK, I get an APK corrupt error when installing to a Nexus 5X running 7.0.

Same happened with Beta 2.

regards,
Phil
Fred
Site Admin
Posts: 1506
Joined: Mon Feb 24, 2014 10:51 am

Re: SB 2.00 Beta 4 - APK corrupt unless debugger enabled

Post by Fred »

It's because you need to sign the APK when compiling in release mode. Steps to do it on Windows:

1) Open a command prompt

2) Ensure your JDK\bin directory is in the PATH (mine is here: C:\Program Files\Java\jdk1.8.0_73\bin)

3) Create a new certificate with 'keytool' (which is in JDK\bin) (only required the first time)

Code:

keytool -genkey -v -keystore my-release-key.keystore -keyalg RSA -keysize 2048 -validity 10000 -alias app
4) Sign your apk with 'jarsigner' (which is in JDK\bin)

Code:

jarsigner -verbose -tsa http://timestamp.digicert.com -sigalg SHA1withRSA -digestalg SHA1 -keystore my-release-key.keystore yourpackage.apk alias_name -storepass yourkeystorepassword
5) Align the resulting zip with 'zipalign' (can be found in SpiderBasic\Android\android\sdk\build-tools\23.0.2)

Code:

zipalign 4 yourpackage.apk yourpackage_signed.apk
Now your APK is ready to be installed, and you can even submit it to the Google app store (tested it and it works :), French users can search for the 'SpiderTest' app on Google Play, it should appear).
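A structural check for the result of the signing and zipalign steps in the post above, added here as an example (it is not SpiderBasic's or any poster's code): it reports whether the APK contains JAR (v1) signature files, which entries the manifest does not cover, and which uncompressed entries are not 4-byte aligned. It does not verify the signature cryptographically; the function names and the in-memory sample archives are constructed for illustration.

```python
import io
import struct
import zipfile

SIG_EXTS = (".RSA", ".DSA", ".EC")  # signature block files written by jarsigner

def manifest_names(manifest: bytes) -> set:
    """Entry names covered by MANIFEST.MF (wrapped continuation lines unfolded)."""
    text = manifest.decode("utf-8", "replace").replace("\r\n", "\n").replace("\n ", "")
    return {ln[6:] for ln in text.split("\n") if ln.startswith("Name: ")}

def check_apk(data: bytes) -> dict:
    """Structural checks only: v1 signature files present, entries missing
    from the manifest, stored entries whose data is not 4-byte aligned."""
    zf = zipfile.ZipFile(io.BytesIO(data))
    names = zf.namelist()
    meta = [n for n in names if n.startswith("META-INF/")]
    has_mf = "META-INF/MANIFEST.MF" in names
    signed = (has_mf and any(n.endswith(".SF") for n in meta)
              and any(n.endswith(SIG_EXTS) for n in meta))
    covered = manifest_names(zf.read("META-INF/MANIFEST.MF")) if has_mf else set()
    unlisted = [n for n in names if n not in meta
                and not n.endswith("/") and n not in covered]
    misaligned = []
    for info in zf.infolist():
        if info.compress_type != zipfile.ZIP_STORED or info.is_dir():
            continue  # alignment only matters for uncompressed data
        # Local file header: 30 fixed bytes, then file name and extra field.
        name_len, extra_len = struct.unpack_from("<HH", data, info.header_offset + 26)
        if (info.header_offset + 30 + name_len + extra_len) % 4:
            misaligned.append(info.filename)
    return {"v1_signed": signed, "unlisted": unlisted, "misaligned": misaligned}

def build_sample(entries) -> bytes:
    """Constructed input: an in-memory ZIP from (name, data, stored) tuples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, payload, stored in entries:
            method = zipfile.ZIP_STORED if stored else zipfile.ZIP_DEFLATED
            zf.writestr(name, payload, compress_type=method)
    return buf.getvalue()

# Constructed samples: placeholder bytes, not real digests or signatures.
MF = b"Manifest-Version: 1.0\r\n\r\nName: res/ic.png\r\nSHA1-Digest: PLACEHOLDER\r\n\r\n"
UNSIGNED = build_sample([("classes.dex", b"dex", True)])
SIGNED = build_sample([("res/ic.png", b"png!", True), ("META-INF/MANIFEST.MF", MF, False),
                       ("META-INF/APP.SF", b"placeholder", False),
                       ("META-INF/APP.RSA", b"placeholder", False)])

if __name__ == "__main__":
    print(check_apk(UNSIGNED), check_apk(SIGNED), sep="\n")
```

For the cryptographic check itself, run `jarsigner -verify -verbose -certs` on the final APK.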
e2robot
Posts: 38
Joined: Wed Mar 19, 2014 8:34 am

Re: SB 2.00 Beta 4 - APK corrupt unless debugger enabled

Post by e2robot »

Thanks for the detailed instructions !

Working fine now.

Just in case anyone misses it: the alias_name in the jarsigner step is the alias you specified in the keytool step. In this case it's app.

Regards,
Phil
Fred
Site Admin
Posts: 1506
Joined: Mon Feb 24, 2014 10:51 am

Re: How to sign a release APK

Post by Fred »

Great! I changed the title and moved it to tricks and tips so everyone could find this info easily.
Leonhardt
Posts: 20
Joined: Wed Feb 26, 2014 9:41 am

Re: How to sign a release APK

Post by Leonhardt »

mark
Rings
Posts: 6
Joined: Tue Feb 25, 2014 9:44 am

Re: How to sign a release APK

Post by Rings »

Should such a tip not be included in the IDE and be automated?
falsam
Posts: 280
Joined: Mon May 05, 2014 9:49 pm
Location: France

Re: How to sign a release APK

Post by falsam »

Hello Fred.

Signing an APK is only to be able to publish on the store.

I would like to be able to transfer my apk to my terminal without going through the store.

The unknown source checkbox is checked on my terminal but the APK does not install.

If I install a signed APK, I cannot upgrade with a new version.

Installing the application in debug mode (unsigned) would be very good, but I would like the debug window not to be opened systematically.

Thanks.

➽ Windows 11 - JDK 1.8 - SB 2.40 - Android 13
http://falsam.com

Sorry for my poor english
Fred
Site Admin
Posts: 1506
Joined: Mon Feb 24, 2014 10:51 am

Re: How to sign a release APK

Post by Fred »

You can use CloseDebugOutput() if you want to close it at start while being in debug mode. To reinstall a signed package, you need to uninstall it first, for all users (easier with adb).
Bradan
Posts: 18
Joined: Fri Nov 04, 2016 2:07 pm

Re: How to sign a release APK

Post by Bradan »

If you sign it with the same certificate every time, it should work. Only if you switch between release and debug certificates will it ask you to uninstall it first. At least that's how it is when developing Android apps with the SDK. Usually ALL APKs are signed, even the debug builds. However, the IDE usually creates a debug certificate which expires once every year or so.
tj1010
Posts: 201
Joined: Wed May 27, 2015 1:36 pm

Re: How to sign a release APK

Post by tj1010 »

Disable trusted source under settings>security on your test device. I use Bluetooth sometimes with unsigned. Enable it when done. It's trivial to make a PB program using RunProgram and directory scan for auto-find to do this if you want it signed, but yeah, integrated should be there since SB already needs the JDK path anyway. Just store a key per-install?

I forget the whole model for APK signing, but I think Google has to sign with their private key on the back-end of the store for an APK to install on a device without debug. They check them with their public key stored on all phones. I may be partly wrong; I learned this years ago and forgot some of it.