How to sign your APK or Android App Bundle in release mode in Visual Studio Native-Activity Application (Android) project?
When I rebuild solution and deploy solution in release ARM target, navigate to Release folder and drag and drop apk file to play.google.com (Play Store), there is following error message.
Upload failed
You uploaded a debuggable APK or Android App Bundle. For security reasons you need to disable debugging before it can be published in Google Play. Learn more about debuggable APKs or Android App Bundles.
You uploaded an APK or Android App Bundle that was signed in debug mode. You need to sign your APK or Android App Bundle in release mode. Learn more about signing.
I have manged to generate and download deployment_cert.der on play store, but not sure how it can be added to apk in Visual Studio Native-Activity Application (Android) project.
Figered it out now.
Built APK file can be signed by using command line (without need of installing Android Studio). This can be done as follows:
1.) Bellow will allow to build unsigned APK in release mode:
.packing project Properties --> Ant --> Ant Build Target --> Release (Release Mode)
2.) Add JDK and Android SDK to PATH. In my case (installed by VS installer) those paths are:
C:\Program Files\Java\jdk1.8.0_172\bin
C:\Program Files (x86)\Android\android-sdk\build-tools\25.0.3
3.) Create keystore with key:
keytool -genkey -v -keystore my_app.keystore -alias alias_name -keyalg PSA -keysize 2048 -validity 10000
4.) Sign APK:
jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore my_app.keystore My.App.Packaging-release-unsigned.apk alias_name
5.) ZIP align:
zipalign -f -v 4 My.App.Packaging-release-unsigned.apk My.App.apk
6.) Drag and drop to Play Store
Related
I got 'App not installed as package appears to be invalid' message when trying to install my signed release app manually on Android 12. However, it can be installed in my other phones which are Android 9 and Android 6.
I use jarsigner to sign my apk :
$ jarsigner -verbose -sigalg SHA256withRSA -digestalg SHA-256 -keystore my-release-key.keystore <app-release-unsigned.apk's path> alias_name
And use zipalign to optimize :
$ zipalign -v 4 <path-to-same-apk-file> HelloWorld.apk
I've change my phone setting so that able to install unknown apk and tested with app-debug.apk and it works just fine. For more information, my app is written by using quasar framework and built by using cordova.
On Android 12, you have to use V2 signing scheme to sign your APK. Unfortunately, jarsigner is only v1 signing scheme.
In short, use apksigner to sign your APK in place or jarsigner, or if you use Android Studio, don't forget to check the "V2 signing" check box or define the signingConfig enabling v2 signing.
I have an APK which I got out of a CI pipeline. The CI pipeline builds in release mode but only generates unsigned APKs.
In order to test the generated APK on a real device, I would like to sign it with my debug key. (I have an earlier version of that APK installed, built locally and signed with my debug key, and would like to keep the data.)
Is that possible? How do I do that from the command line?
Assumig you have a debug key, try this command -
jarsigner -verbose -keystore ~/.android/debug.keystore -storepass android -keypass android path/to/my.apk androiddebugkey
(The default key store resides in ~/.android/debug.keystore, both passphrases are android, and the key alias to use is androiddebugkey.)
And, next to verify its signature use
jarsigner -verify -verbose -certs app-release-unsigned.apk
Note that the APK will be modified; work on a copy if you don’t want that.
I am trying to build a signed apk for Android platform using cordova.
I have already created unsigned apk using cordova --release android.
But i am unable to sign usejarsigner and zipalign.
kindly help.
I have already solved my problem.
I am explaining its steps for the people who are still stuck in it:
Create a unsigned apk.
Run this command cordova --release android after getting to the location of the project.
You can find the unsigned apk in
project_name\platforms\android\build\outputs\apk\android-release-unsigned.apk
Copy this apk and keystore tool in one folder.
Navigate to the folder and sign it using jarsigner present in java.
Run this command,
jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore <keystorename <Unsigned APK file> <Keystore Alias name>
After this you will be prompt to enter password of keystore.
Go to location of zipalign.
(it is present in Android\SDK\build-tools\version)
Run this command
zipalign -v 4 "location of signed apk" "location of aligned apk"
I generated a apk file by running
meteor build ~/output-dir --server=myapp.meteor.com
,
then got release-unsigned.apk in the folder output-dir, it looks good.
I copy this apk file to my Android phone and tried to install it, after install guide, it shows message App not installed.
I have installed some apk files built by java on my phone before, it works, so is there something I need handle when I install apk file built by meteor?
As the documentation states, you can't install unsigned applications on your Android phone:
Android requires that all apps be digitally signed with a certificate
before they can be installed.
As far as I can tell, you have the following two options to run your app:
Use an emulator to run your unsigned app or
sign your app.
To sign your app, you can use the steps, described in the Meteor guide for submitting Android apps to the Play Store:
Generate a private key using the keytool (skip this step, in case you already have a private key generated):
keytool -genkey -alias your-app-name -keyalg RSA -keysize 2048 -validity 10000
Sign your app using the jarsigner tool:
jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 unaligned.apk your-app-name
After that, you should be able to install and run your application on your Android phone.
I compiled successful project HTML5 to Android by Cordova, it produced some files as HelloWorld-debug.apk, HelloWorld-debug-unaligned.apk ...
Really I don't know meaning of debug, unaligned, I want upload file apk to Android market, this files met enough requirements of Google?
the -debug apk is you app unsigned with debug info. It can be installed on your device. (need to allow installation of unknown apps)
If you want to have a release app you need to run
platforms\android\cordova\build.bat --release
(replace \ with / and remove .bat for unix based computers)
and then to sign the app :
jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore pathtoyourkeystorefile.keystore platforms\android\bin\yourapp-release-unsigned.apk nameofthekeyinkeystore
replace pathtoyourkeystorefile.keystore with the path to your previously created keystore file, yourapp with the name of your app and nameofthekeyinkeystore with the name of your key in the keystore
and then your file will still be named -release-unsigned.apk so you can rename it to -release-signed.apk or just .apk and it will be ready to be uploaded to the store.