- There are some things you will need to consider before first deploying your Android app. Primary among these is the expected lifespan of your app. You will not be able to deploy the same app signed by another key at any point in the near future. Android, as well as Google Play, enforces the use of the same key for updates to an APK.
- Go to your Account Edit Setting Signing Key's tab: Click unlock button and supply the the certificate password (from step #6 above) and the keystore password (from step #4 above) Lastly, either set your key to be default using the checkbox in the keys list, or in your individual application's details, select the key you've uploaded.
Android requires that all apps be digitally signed with a certificate before they can be installed. In order to distribute your Android application via Google Play store it needs to be signed with a release key that then needs to be used for all future updates. Since 2017 it is possible for Google Play to manage signing releases automatically thanks to App Signing by Google Play functionality. However, before your application binary is uploaded to Google Play it needs to be signed with an upload key. The Signing Your Applications page on Android Developers documentation describes the topic in detail. This guide covers the process in brief, as well as lists the steps required to package the JavaScript bundle.
Generating an upload key
You can generate a private signing key using
keytool
. On Windows keytool
must be run from C:Program FilesJavajdkx.x.x_xbin
.Android code signing setup in App Center.; 4 minutes to read +2; In this article. Signing an app is a requirement to run an app on real devices during the development process or to distribute it via a beta program or in the Play Store. Without code signing, the app can only run on an emulator.
This command prompts you for passwords for the keystore and key and for the Distinguished Name fields for your key. It then generates the keystore as a file called
my-upload-key.keystore
.The keystore contains a single key, valid for 10000 days. The alias is a name that you will use later when signing your app, so remember to take note of the alias.
On Mac, if you're not sure where your JDK bin folder is, then perform the following command to find it:
It will output the directory of the JDK, which will look something like this:
Navigate to that directory by using the command
$ cd /your/jdk/path
and use the keytool command with sudo permission as shown below.Note: Remember to keep the keystore file private. In case you've lost upload key or it's been compromised you should follow these instructions.
Setting up Gradle variables
- Place the
my-upload-key.keystore
file under theandroid/app
directory in your project folder. - Edit the file
~/.gradle/gradle.properties
orandroid/gradle.properties
, and add the following (replace*****
with the correct keystore password, alias and key password),
These are going to be global Gradle variables, which we can later use in our Gradle config to sign our app.
Note about security: If you are not keen on storing your passwords in plaintext, and you are running OSX, you can also store your credentials in the Keychain Access app. Then you can skip the two last rows in
~/.gradle/gradle.properties
.Adding signing config to your app's Gradle config
The last configuration step that needs to be done is to setup release builds to be signed using upload key. Edit the file
android/app/build.gradle
in your project folder, and add the signing config,Generating the release APK
Run the following in a terminal:
Gradle's
bundleRelease
will bundle all the JavaScript needed to run your app into the AAB (Android App Bundle). If you need to change the way the JavaScript bundle and/or drawable resources are bundled (e.g. if you changed the default file/folder names or the general structure of the project), have a look at android/app/build.gradle
to see how you can update it to reflect these changes.Note: Make sure gradle.properties does not include org.gradle.configureondemand=true as that will make the release build skip bundling JS and assets into the app binary.
The generated AAB can be found under
android/app/build/outputs/bundle/release/app.aab
, and is ready to be uploaded to Google Play.Note: In order for Google Play to accept AAB format the App Signing by Google Play needs to be configured for your application on the Google Play Console. If you are updating an existing app that doesn't use App Signing by Google Play, please check our migration section to learn how to perform that configuration change.
Testing the release build of your app
Before uploading the release build to the Play Store, make sure you test it thoroughly. First uninstall any previous version of the app you already have installed. Install it on the device using:
Note that
--variant=release
is only available if you've set up signing as described above.You can kill any running packager instances, since all your framework and JavaScript code is bundled in the APK's assets.
Publishing to other stores
By default, the generated APK has the native code for both x86 and ARMv7a CPU architectures. This makes it easier to share APKs that run on almost all Android devices. However, this has the downside that there will be some unused native code on any device, leading to unnecessarily bigger APKs.
You can create an APK for each CPU by changing the following line in android/app/build.gradle:
Upload both these files to markets which support device targeting, such as Google Play and Amazon AppStore, and the users will automatically get the appropriate APK. If you want to upload to other markets, such as APKFiles, which do not support multiple APKs for a single app, change the following line as well to create the default universal APK with binaries for both CPUs.
Enabling Proguard to reduce the size of the APK (optional)
Proguard is a tool that can slightly reduce the size of the APK. It does this by stripping parts of the React Native Java bytecode (and its dependencies) that your app is not using.
IMPORTANT: Make sure to thoroughly test your app if you've enabled Proguard. Proguard often requires configuration specific to each native library you're using. See
app/proguard-rules.pro
.To enable Proguard, edit
android/app/build.gradle
:Migrating old Android React Native apps to use App Signing by Google Play
If you are migrating from previous version of React Native chances are your app does not use App Signing by Google Play feature. We recommend you enable that in order to take advantage from things like automatic app splitting. In order to migrate from the old way of signing you need to start by generating new upload key and then replacing release signing config in
-->android/app/build.gradle
to use the upload key instead of the release one (see section about adding signing config to gradle). Once that's done you should follow the instructions from Google Play Help website in order to send your original release key to Google Play.After the application has been built for release, the APK must be signed prior to distribution so that it can be run on an Android device. This process is typically handled with the IDE, however there are some situations where it is necessary to sign the APK manually, at the command line. The following steps are involved with signing an APK:
- Create a Private Key – This step needs to be performedonly once. A private key is necessary to digitally sign the APK.After the private key has been prepared, this step can be skippedfor future release builds.
- Zipalign the APK – Zipalign is an optimization processthat is performed on an application. It enables Android to interactmore efficiently with the APK at runtime. Xamarin.Android conductsa check at runtime, and will not allow the application to run ifthe APK has not been zipaligned.
- Sign the APK – This step involves using the apksigner utility from the Android SDK and signing the APK with the private key that was created in the previous step. Applications that are developed with older versions of the Android SDK build tools prior to v24.0.3 will use the jarsigner app from the JDK. Both of these tools will be discussed in more detail below.
The order of the steps is important and is dependent on which tool used to sign the APK. When using apksigner, it is important to first zipalign the application, and then to sign it with apksigner. If it is necessary to use jarsigner to sign the APK, then it is important to first sign the APK and then run zipalign.
Prerequisites
This guide will focus on using apksigner from the Android SDK buildtools, v24.0.3 or higher. It assumes that an APK has already beenbuilt.
Applications that are built using an older version of the Android SDKBuild Tools must use jarsigner as described inSign the APK with jarsigner below.
Android App Signing Generate An Upload Key Free
Create a Private Keystore
![Android Android](/uploads/1/2/6/0/126059811/538777220.png)
A keystore is a database of security certificates that is createdby using the programkeytoolfrom the Java SDK. A keystore is critical to publishing aXamarin.Android application, as Android will not run applications thathave not been digitally signed.
During development, Xamarin.Android uses a debug keystore to sign theapplication, which allows the application to be deployed directly tothe emulator or to devices configured to use debuggable applications.However, this keystore is not recognized as a valid keystore for thepurposes of distributing applications.
For this reason, a private keystore must be created and used forsigning applications. This is a step that should only be performedonce, as the same key will be used for publishing updates and can thenbe used to sign other applications.
It is important to protect this keystore. https://heavenlyyes702.weebly.com/windows-81-pro-product-key-generator-2016.html. If it is lost, then it willnot be possible to publish updates to the application with Google Play.The only solution to the problem caused by a lost keystore would be tocreate a new keystore, re-sign the APK with the new key, and thensubmit a new application. Then the old application would have to beremoved from Google Play. Likewise, if this new keystore is compromisedor publicly distributed, then it is possible for unofficial ormalicious versions of an application to be distributed.
Create a New Keystore
Creating a new keystore requires the command line toolkeytoolfrom the Java SDK. The following snippet is an example of how to usekeytool (replace
<my-filename>
with the file name for the keystoreand <key-name>
with the name of the key within the keystore):The first thing that keytool will ask for is the password for thekeystore. Then it will ask for some information to help with creatingthe key. The following snippet is an example of creating a new keycalled
publishingdoc
that will be stored in the filexample.keystore
:To list the keys that are stored in a keystore, use the keytool withthe –
list
option:Zipalign the APK
Before signing an APK with apksigner, it is important to first optimize the file using the zipalign tool from the Android SDK. zipalign will restructure the resources in an APK along 4-byte boundaries. This alignment allows Android to quickly load the resources from the APK, increasing the performance of the application and potentially reducing memory use. Xamarin.Android will conduct a run-time check to determine if the APK has been zipaligned. If the APK is not zipaligned, then the application will not run.
The follow command will use the signed APK and produce a signed, zipaligned APK called helloworld.apk that is ready for distribution.
Upload Android App For Free
Sign the APK
After zipaligning the APK, it is necessary to sign it using a keystore. This is done with the apksigner tool, found in the build-tools directory of the version of the SDK build tools. For example, if the Android SDK build tools v25.0.3 is installed, then apksigner can be found in the directory:
The following snippet assumes that apksigner is accessible by the
PATH
environment variable. It will sign an APK using the key aliaspublishingdoc
that is contained in the file xample.keystore:When this command is run, apksigner Microsoft powerpoint product key generator. will ask for the password to the keystore if necessary.
See Google's documentation for more details on the use of apksigner.
Note
According to Google issue 62696222, apksigner is 'missing' from the Android SDK. The workaround for this is to install the Android SDK build tools v25.0.3 and use that version of apksigner.
Sign the APK with jarsigner
![App App](/uploads/1/2/6/0/126059811/533566937.png)
Warning
This section only applies if it is nececssary to sign the APK with the jarsigner utility. Developers are encouraged to use apksigner to sign the APK.
This technique involves signing the APK file using the jarsigner command from the Java SDK. The jarsigner tool is provided by the Java SDK.
The following shows how to sign an APK by using jarsigner and the key
publishingdoc
that is contained in a keystore file named xample.keystore :Note
When using jarsigner, it is important to sign the APK first, and then to use zipalign.