Signing the App - xialin/GrabMovie GitHub Wiki

Signing the App in Android Studio

To sign your app in release mode in Android Studio, follow these steps:

  1. On the menu bar, click Build > Generate Signed APK. Select Module:app and click Next.
  2. On the Generate Signed APK wizard window, click Create new... to create a new keystore.
  3. On the New Key Store window, provide the required information. Your key should be valid for at least 25 years, so you can sign app updates with the same key through the lifespan of your app.
  4. Back on the Generate Signed APK wizard window, select a keystore and a private key, and enter the passwords for both. Then click Next.
  5. On the next window, select a destination for the signed APK and click Finish.

Signing the app with configuration in build.gradle

In release mode, you sign your app with your own certificate:

  • Create a keystore. A keystore is a binary file that contains a set of private keys. You must keep your keystore in a safe place.
  • Create a private key. A private key represents the entity to be identified with the app, such as a person or a company.
  • Add the signing configuration to the build file for the app module:
android {
    ...
    defaultConfig { ... }
    signingConfigs {
        release {
            storeFile file("myreleasekey.keystore")
            storePassword "password"
            keyAlias "MyReleaseKey"
            keyPassword "password"
        }
    }
    buildTypes {
        release {
            ...
            signingConfig signingConfigs.release
        }
    }
}
  • Invoke the assembleRelease build task from Android Studio.
  • The package in app/build/apk/app-release.apk is now signed with your release key.
NOTE: You can use the keystore and private key generated in the section above.

Best Practice:

It is a bad idea to include passwords in the build configuration, because they would then appear in the version control system:

signingConfigs {
    release {
        storeFile file("myapp.keystore")
        storePassword "password123"
        keyAlias "thekey"
        keyPassword "password789"
    }
}

Instead, make a gradle.properties file which should not be added to the version control system:

KEYSTORE_PASSWORD=password123
KEY_PASSWORD=password789

That file is automatically imported by Gradle, so you can use its values in build.gradle like this:

signingConfigs {
    release {
        try {
            storeFile file("myapp.keystore")
            storePassword KEYSTORE_PASSWORD
            keyAlias "thekey"
            keyPassword KEY_PASSWORD
        }
        catch (ex) {
            throw new InvalidUserDataException("No KEYSTORE_PASSWORD or KEY_PASSWORD in gradle.properties.")
        }
    }
}
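A check that could run before commit or in CI to enforce the practice above, as an added example that is not part of the original wiki or the project's code: it flags storePassword/keyPassword values written as literals in build.gradle and reports property names that gradle.properties does not define. The function names and sample inputs are hypothetical and constructed from the snippets on this page; only `storePassword value`, `storePassword = value` and bare property references are recognised.

```python
import re

# A storePassword/keyPassword line whose value is a quoted string or a bare
# property name; other expressions (method calls etc.) are left alone.
SECRET = re.compile(
    r'''^\s*(?P<setting>storePassword|keyPassword)\b\s*=?\s*'''
    r'''(?P<value>"(?:[^"\\]|\\.)*"|'(?:[^'\\]|\\.)*'|[A-Za-z_]\w*)'''
    r'''(?=\s*(?://.*)?$)''')


def defined_properties(gradle_properties):
    """Names defined in a gradle.properties file (key=value lines)."""
    names = set()
    for line in gradle_properties.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")) and "=" in line:
            names.add(line.split("=", 1)[0].strip())
    return names


def audit_signing_config(build_gradle, gradle_properties=""):
    """Return (hardcoded, missing).

    hardcoded: (line number, setting) for each password given as a literal.
    missing: property names the build file references that
             gradle.properties does not define.
    """
    defined = defined_properties(gradle_properties)
    hardcoded, missing = [], []
    for line_no, line in enumerate(build_gradle.splitlines(), start=1):
        match = SECRET.match(line)
        if not match:
            continue
        value = match.group("value")
        # Groovy interpolates "$..." only inside double-quoted strings.
        if value[0] == "'" or (value[0] == '"' and "$" not in value):
            hardcoded.append((line_no, match.group("setting")))
        elif value[0] not in "'\"" and value not in defined:
            missing.append(value)
    return hardcoded, missing


# Constructed inputs, based on the two signingConfigs snippets on this page.
HARDCODED = 'release {\n    storePassword "password123"\n    keyPassword "password789"\n}\n'
EXTERNAL = "release {\n    storePassword KEYSTORE_PASSWORD\n    keyPassword KEY_PASSWORD\n}\n"

if __name__ == "__main__":
    print(audit_signing_config(HARDCODED))
    print(audit_signing_config(EXTERNAL, "KEYSTORE_PASSWORD=password123\n"))
```

A non-empty `hardcoded` list is a reason to fail the build; a non-empty `missing` list corresponds to the case the catch block above reports.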

References

http://developer.android.com/tools/publishing/app-signing.html
https://github.com/futurice/android-best-practices#gradle-configuration