What is Signing?
Signing is a process which is used to verify the integrity and authenticate the application being published. The signing process ensures that the signed application has been developed and published by the correct developer. All Android applications must be signed before they can be installed on any device. The Android application signing process is very similar to the JAR signing process; in fact, you use the same tools to sign both APK and JAR files before publishing them. The KEYTOOL and JARSIGNER tools come built in every JDK (Java Development Kit) installation. Signing your application is mandatory if you want to publish it on Android Market.
There are mainly two types of signing processes.
1. Debug Mode Signing
Debug Mode Signing is used to automatically sign the compiled application. The build tool automatically creates a keystore and key using known parameters and a debug key is generated to sign the application. This method can be used only while development and testing. If you want to release and publish your application, you need to sign your application in release mode.
2. Release Mode Signing
In this mode, you first compile your application to an unsigned APK and then use the KEYTOOL and JARSIGNER tools manually to sign your unsigned APK application.
The KEYTOOL tool is used to generate a keystore and key if you don’t already have one and the JARSIGNER tool is used to sign your application with the key. You can either obtain the certificate from a certification authority or create a self signed certificate using KEYTOOL and then use JARSIGNER to sign your application using your private key.
Note: To publish an application on Android Market, it must be signed with a certificate whose validity ends after 22 October 2033. Also, the expiry date is checked only at installation time. If the application is already installed, it will run even after the expiration date.
In the next tutorial, I will detail the procedure to sign your Android Applications in the release mode using the Keytool and JarSigner tools.
This post is part of the series: Programmers Guide: Signing Google Android Applications
- What Signing Means if You Are a Google Android Application Developer
- How To Sign Your Android Applications