This lesson describes how to create a self-signed certificate for your Android application. Variations between Apple Mac and Windows are discussed and screen captures are provided. How do I Create a Self-Signed Certificate for an Android App? Perhaps we need an additional lesson on how to use the upload key certificate when you try to. Oct 24, 2018 How to Generate debug, release SHA1 key in Android Studio - Duration. Enroll in Google Play App Signing to Secure Your App Keys. How to Upload Android Apps to Google Play Store. Sign the APK – This step involves using the apksigner utility from the Android SDK and signing the APK with the private key that was created in the previous step. Applications that are developed with older versions of the Android SDK build tools prior to v24.0.3 will use the jarsigner app from the JDK. Keytool will quickly generate a public/private key pair and store them in a keystore for you after you answer a few simple questions. Keytool has a number of commands. The most common command used for signing Android builds -genkeypair, commonly abbreviated -genkey. The other commands may be useful to you, but uncommonly so. Again, there are lots of options for this keytool command.
- Android App Signing Generate An Upload Key Account
- Upload App To Microsoft Store
- Android App Signing Generate An Upload Key Code
Android requires that all apps be digitally signed with a certificate before they can be installed. In order to distribute your Android application via Google Play store it needs to be signed with a release key that then needs to be used for all future updates. Since 2017 it is possible for Google Play to manage signing releases automatically thanks to App Signing by Google Play functionality. However, before your application binary is uploaded to Google Play it needs to be signed with an upload key. The Signing Your Applications page on Android Developers documentation describes the topic in detail. This guide covers the process in brief, as well as lists the steps required to package the JavaScript bundle.
Generating an upload key
You can generate a private signing key using
keytool
. On Windows keytool
must be run from C:Program FilesJavajdkx.x.x_xbin
.This command prompts you for passwords for the keystore and key and for the Distinguished Name fields for your key. It then generates the keystore as a file called
my-upload-key.keystore
.The keystore contains a single key, valid for 10000 days. The alias is a name that you will use later when signing your app, so remember to take note of the alias.
On Mac, if you're not sure where your JDK bin folder is, then perform the following command to find it:
It will output the directory of the JDK, which will look something like this:
Navigate to that directory by using the command
$ cd /your/jdk/path
and use the keytool command with sudo permission as shown below.Note: Remember to keep the keystore file private. In case you've lost upload key or it's been compromised you should follow these instructions.
Setting up Gradle variables
- Place the
my-upload-key.keystore
file under theandroid/app
directory in your project folder. - Edit the file
~/.gradle/gradle.properties
orandroid/gradle.properties
, and add the following (replace*****
with the correct keystore password, alias and key password),
These are going to be global Gradle variables, which we can later use in our Gradle config to sign our app.
Note about security: If you are not keen on storing your passwords in plaintext, and you are running OSX, you can also store your credentials in the Keychain Access app. Then you can skip the two last rows in
~/.gradle/gradle.properties
.Adding signing config to your app's Gradle config
The last configuration step that needs to be done is to setup release builds to be signed using upload key. Edit the file
android/app/build.gradle
in your project folder, and add the signing config,Generating the release APK
Run the following in a terminal:
Gradle's
bundleRelease
will bundle all the JavaScript needed to run your app into the AAB (Android App Bundle). If you need to change the way the JavaScript bundle and/or drawable resources are bundled (e.g. if you changed the default file/folder names or the general structure of the project), have a look at android/app/build.gradle
to see how you can update it to reflect these changes.Note: Make sure gradle.properties does not include org.gradle.configureondemand=true as that will make the release build skip bundling JS and assets into the app binary.
The generated AAB can be found under
android/app/build/outputs/bundle/release/app.aab
, and is ready to be uploaded to Google Play.Note: In order for Google Play to accept AAB format the App Signing by Google Play needs to be configured for your application on the Google Play Console. If you are updating an existing app that doesn't use App Signing by Google Play, please check our migration section to learn how to perform that configuration change.
Testing the release build of your app
Before uploading the release build to the Play Store, make sure you test it thoroughly. First uninstall any previous version of the app you already have installed. Install it on the device using:
Note that
--variant=release
is only available if you've set up signing as described above.You can kill any running packager instances, since all your framework and JavaScript code is bundled in the APK's assets.
Publishing to other stores
By default, the generated APK has the native code for both x86 and ARMv7a CPU architectures. This makes it easier to share APKs that run on almost all Android devices. However, this has the downside that there will be some unused native code on any device, leading to unnecessarily bigger APKs.
You can create an APK for each CPU by changing the following line in android/app/build.gradle:
Upload both these files to markets which support device targeting, such as Google Play and Amazon AppStore, and the users will automatically get the appropriate APK. If you want to upload to other markets, such as APKFiles, which do not support multiple APKs for a single app, change the following line as well to create the default universal APK with binaries for both CPUs.
Enabling Proguard to reduce the size of the APK (optional)
Proguard is a tool that can slightly reduce the size of the APK. It does this by stripping parts of the React Native Java bytecode (and its dependencies) that your app is not using.
IMPORTANT: Make sure to thoroughly test your app if you've enabled Proguard. Proguard often requires configuration specific to each native library you're using. See
app/proguard-rules.pro
.To enable Proguard, edit
android/app/build.gradle
:Migrating old Android React Native apps to use App Signing by Google Play
If you are migrating from previous version of React Native chances are your app does not use App Signing by Google Play feature. We recommend you enable that in order to take advantage from things like automatic app splitting. In order to migrate from the old way of signing you need to start by generating new upload key and then replacing release signing config in
-->android/app/build.gradle
to use the upload key instead of the release one (see section about adding signing config to gradle). Once that's done you should follow the instructions from Google Play Help website in order to send your original release key to Google Play.Signing an app is a requirement to run an app on real devices during the development process or to distribute it via a beta program or in the Play Store. Without code signing, the app can only run on an emulator.
When App Center builds an Android application with a debug build type, a keystore associated with a developer isn't required but can be uploaded. These builds will be automatically code signed with a debug key. For a release build that will be deployed, you have to upload a keystore to App Center.
Generating a keystore
If you don't currently have a keystore, you can generate one in Android Studio. You can find instructions on generating a keystore to sign APKs in Android Studio's official User Guide.
Setting up Code Signing
App Center supports three different ways of setting up code signing for Android apps. For all three methods, you first need to go to the build configuration and enable code signing:
Android App Signing Generate An Upload Key Account
- Go to your app in App Center.
- Go to Build.
- Go to the branch you want to configure by choosing it from the list.
- Either use the 'Settings' menu in the upper-right corner, or choose Configure if your branch is not configured for build yet.
- Enable Sign builds.
- Choose Save.
Then, depending on your scenario, use the most suitable of the three options in the sections below. The first option involves checking in credentials to your repository, while the other two use App Center to handle your credentials instead.
A. Storing everything in the Gradle configuration
You can specify the signing details in the
build.gradle
file. The signing details, along with all credentials and the keystore information, will be visible in the repository. First, add all the items you need to your code and check them in to your repository. Then in the build configuration in App Center, enable My Gradle settings are entirely set to handle signing automatically.B. Uploading everything to App Center
You can upload the keystore and configure the signing credentials through App Center. In this case, App Center will first build your Android app and then run a signing step after the successful build.
Note
A build can only be signed once. Make sure you have no conflicts with signing configurations in your Gradle configuration for the chosen build variant. If there are signing settings both in App Center and in the Gradle file, the build may end up signed twice and this will lead to conflicts.
Set up your build configuration in App Center as follows:
- Disable My Gradle settings are entirely set to handle signing automatically.
- Upload your keystore file to the Keystore file upload file drop. You can drag the file onto the box or click it and browse for the file. Keystore files have the extension .keystore or .jks.
- Enter the keystore password, key alias, and key password in the corresponding fields. These values are the same ones you would otherwise enter in Android Studio when you sign a build.
C. Storing Signing Details in the Repository with Environment Variables
Use this method if your repository already contains the keystore, but you don't want to store the credentials there. At build time, the credentials will be provided as System properties to the Gradle build. See the following code sample on how to make use of them:
In the code above, securing values behind system properties injected into your build keeps your signing credentials safe – the values are encrypted and only available to the build agents at build time. You can provide the values through App Center. You can also hard code any of the values, and check them in to your repository. To use App Center to safeguard the values:
- Go to your build configuration.
- Make sure the checkbox called My Gradle settings are entirely set to handle signing automatically it not checked.
- Enter the keystore password, key alias, and key password in the corresponding fields. These values are the same ones you would otherwise enter in Android Studio when you sign a build.
If you use product flavors, you may need to adjust the code above so all your release configurations use the correct signing configuration.
Upload App To Microsoft Store
Note
If you use the
signingConfig
option inside the buildTypes
section in your build.gradle
file, you may face code-signing errors during App Center build. This is especially relevant for apps that use React Native for Android version 0.60.x and higher:To fix this issue you have to push a proper keystore used for signing to your repository and enable My Gradle settings are entirely set to handle signing automatically in your build configuration in the App Center portal.
Android App Signing Generate An Upload Key Code
In case you uploaded a keystore to the build configuration in the App Center portal, take into account that this approach will require to delete the
signingConfig
option from the buildTypes
section of your build.gradle
file if you didn't update it from the default state of the React Native project template.