I created Android app using Android Studio for my bachelorĀ“s thesis. I have to submit my Android Studio project, which will be on schools website and anyone could downloaded.
Are there any sensitive data, which I should delete before publishing?
Any API keys for any external API you are using.
MD5 hashes or Google play store strings.
Keystore files.
.idea files which might have your name or computer name.
Can't really think of anything else.
You public repo should not have secret keys.
Some useful links for hiding secret keys
https://stackoverflow.com/a/34021467/6891563
https://stackoverflow.com/a/46962852/6891563
Related
A month ago I deleted the .jks file thinking it was a duplicate.
I had a file of the same name in my backups, unfortunately I deleted the wrong file and the file I have is not identical to the base signature
I lost the jks keystore file for publishing my app on google play console.
The best solution is to contact the support service. from Google.
You are requesting a reinitialization of the signing key. He will contact you directly by gmail.
I tested and they helped me quickly
I have a few questions related to signing my android app, getting ready for release.
1) Does the path to your keystore have to be located in your project files? Or just anywhere on my computer, like my Desktop?
2) If I do need to keep in located in my project files, how do I make sure I hide the key when I push a commit to my public GitHub repo? Is all I have to do add *.jpk to the gitignore file or are there more files I need to hide from the GitHub repo?
Thanks!
No, you do not have to store it in the project files. Just keep it in a secure location on your computer, and it's always a good idea to keep a backup somewhere else yet. You will need the key when you sign your app again in the future (such as when you make a new release).
Well there was an accident on my computer with it I lost my project and my key to my application. How can I decompile the application and sign with new key?
Long story short, you can retrieve source with some external tools like javadecompilers.com (explained there)
However for your key, you will have to create a new application in the store unfortunately, using a new key (explained here). There's no way around if you don't have it elsewhere.
if you have the .apk, it is actually just a zipped file. For example with 7zip you can right click on the apk file and "extract files".
You will then need to have a new key and sign it.
Only problem i see is if the app was already released, you have to use same account, or else maybe the store will assume you publish someone else code (not sure about that)
I work in a team and will be uploading to the Android play store soon.
Now I have pushed apps to the play store before on my own, but this is my first time doing it within a team of people. So I just have quick questions (of which I tried googling for, but I guess my googling skills failed me).
1 - I will be uploading this app. I will be creating the Keystore file on my local machine. But what if one of my team members wants to push an update? Can I just email him the file?
2 - I understand if we lose the file, we are pretty much done. But can we upload it to a private (but shared) dropbox folder or something?
3 - What if we create a new app? Can the team use the same file for all of the apps created within the team?
Thanks.
1 - I will be uploading this app. I will be creating the Keystore file
on my local machine. But what if one of my team members wants to push
an update? Can I just email him the file?
Yes, If you send them the file, they will be able to sign the app as well.
2 - I understand if we lose the file, we are pretty much done. But can we upload it to a >private (but shared) dropbox folder or something?
Right. Make sure you have multiple copies of the file, but also make sure that they are stored in very secure locations.
3 - What if we create a new app? Can the team use the same file for all of the apps created >within the team?
Yes, one keystore file can be used to sign multiple apps.
1- Yes, you can send your team members the keystore file anyway you want. Better to also send them the password used to create the keystore, so it can be used.
2- Ofcourse, just keep in mind to save where it will be safe. (ie. not stolen/lost).
3- The keystore can be used in all apps without any kind of problem.
This is NOT a request to extract the private key from a .apk file.
I am having a problem signing a new .apk file with same key as the old .apk. This is important to do because it is required by Google in order to update the app in Google Play.
I am "sure" that I have the keystore file and passwords, but I am still having a problem.
One of the debugging steps I would like to perform is extracting any information about the key from the old .apk file. I know I cannot get the private key itself (for obvious reasons). I just want to see the name or other information so I can do a sanity check on getting the keys to match.
My questions are:
1) What information can be extracted from a .apk file regarding key and keystore used to sign it?
2) How do I extract that information?
My preferred platform is Mac, but I can use Linux or Windows as well.