is keystore information really in the project files? - android

I want to make my Android code “open source” and this link says there is certain sensitive information in the build.gradle files that should not be published:
https://developer.android.com/studio/publish/app-signing.html#secure-shared-keystore
The thing is that I cannot see such information in my build.gradle files. No passwords nor anything sensitive. I sign the apk with a digital certificate by using Android Studio’s “wizard”.
Could it be that the link above is out of date and perhaps, with a new Android Studio version, that sensitive information is not put in the build.gradle any more? Or what am I missing?
Thanks

Android Studio doesn't add anything to your build.gradle files. The so-called 'wizard' uses standalone jarsigner, and the credentials are provided each time or cached by the IDE, so it's like you used the second method.
The first method describes a way to sign apks using a gradle task, which is also an option but, it seems, not the one you're using.
To conclude, you don't need to provide signing config to build.gradle to have the ability to sign apks. So unless you have any other secure keys in your files, you should be fine.
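
A pre-publication check for the case the linked page warns about, written here as an added example (not code from the original answer): it flags `storePassword`/`keyPassword` entries in a build.gradle that are written as string literals rather than read from a properties file or environment variable. The sample build file, its `leaky`/`external` config names and all values are constructed.

```python
import re

# `storePassword "x"`, `storePassword 'x'`, `storePassword = "x"` (Kotlin DSL)
# or `storePassword("x")`: the property is followed directly by a quoted literal.
LITERAL_PASSWORD = re.compile(
    r"""^\s*(storePassword|keyPassword)\b\s*[=(]?\s*(?:'([^']*)'|"([^"]*)")"""
)

# Constructed sample: one signing config with literals, one that reads
# its values from outside the file (names and values are made up).
SAMPLE_BUILD_GRADLE = '''\
android {
    signingConfigs {
        leaky {
            storeFile file("release.jks")
            storePassword "constructed-store-pass"
            keyAlias "release"
            keyPassword 'constructed-key-pass'  // literal in single quotes
        }
        external {
            storeFile file(keystoreProperties['storeFile'])
            storePassword keystoreProperties['storePassword']
            keyAlias keystoreProperties['keyAlias']
            keyPassword System.getenv("KEY_PASSWORD")
        }
    }
}
'''


def find_hardcoded_signing_secrets(gradle_text):
    """Return (line_number, property) for passwords stored as string literals.

    Only active assignment lines are inspected; commented-out lines are not.
    """
    findings = []
    for number, line in enumerate(gradle_text.splitlines(), start=1):
        match = LITERAL_PASSWORD.match(line)
        if match is None:
            continue  # no password here, or the value is a lookup/env read
        prop, _single, double = match.groups()
        if double is not None and "$" in double:
            continue  # Groovy GString interpolation: value comes from elsewhere
        findings.append((number, prop))
    return findings


if __name__ == "__main__":
    for number, prop in find_hardcoded_signing_secrets(SAMPLE_BUILD_GRADLE):
        print(f"line {number}: {prop} is a literal; move it out of build.gradle")
```

A clean result covers only the current files; a password committed earlier is still in the Git history.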

Related

How do I check if the signing of an app is correct?

I'm developing some changes for an app. It worked properly and compiled fine before I configured a VPN (I think this may be related to the problem). Since then the application compiles fine but I can't update from previous versions to the new one (let's say from 1.0.0 to 1.0.1); an error message says "The package appears to be corrupt". The version number and code are updated.
I've found this, but it doesn't fix my problem: I've compiled in release and debug.
It's documented that the problem is related to the signing of an app in Xamarin, because I can install the apk from scratch without updating. I've loaded the keystore again, checked the path %AppLocalData%, configured the path again manually... nothing. Besides, the 'debug.keystore' file doesn't open when the app is compiled; nevertheless it opens when I use the command in the document to load it again. I don't know if it should open, just saying. The key file is the same, nothing else changed.
Thank you for your help!
The debug.keystore is, as the name suggests, only for debugging. It will differ between the different machines you install Visual Studio on.
Make your own keystore and save it somewhere secure. Especially if you plan to release the App in Play Store. If you misplace it, you will have a bunch of issues.
Creating your own keystore will also ensure the same and correct signature every time, and you can configure your project to use your own keystore instead of the debug.keystore that Xamarin.Android defaults to.
I did everything above again and it worked, not sure what was wrong. For those of you that may have a similar problem, that's what I tried:
Check your keystore (it must be the same for different compilations) and store it in a safe place as Cheesebaron says.
Check that you have configured the path for your keystore correctly.
You may have a wrong environment variable if the step above fails (i.e. %AppLocalData% pointing to another location).
Check your version number. The number for a version must be higher than previous versions; you may use YYMMddXX (XX for different compilations on the same day).
If you alternate between compiling in release and debug, make sure your code doesn't affect the path to the keystore.

Your Instant App APKs do not declare a valid

I am having a bad time with Android trying to create a new release.
I have created a signed APK with two options.
Then I zipped the .apk file; after trying to upload it to the Google console I am getting the error below:
Your Instant App APKs do not declare a valid 'android:targetSandboxVersion' attribute in their AndroidManifest. Using the 'com.android.feature' Gradle plugin to build your Instant App would add this attribute automatically.
Note: the file is zipped and all the solutions ask to zip the file, no luck :(
You need to be clear if you are producing an Instant App or a normal Android app. I think this is what is confusing you, or maybe you just aren't being clear in the question.
Android Instant Apps are special Android apps that launch from a web page, and don't need a user to install them. To build them you need the Instant Apps SDK, and to follow the development instructions here. Android Studio will produce a zip for you; you don't need to do it manually.
For normal Android apps, you don't need to zip your APKs. Just upload the APK itself to the Play Console.
I think you are probably making a normal Android app, but because you are zipping it, the Play Console thinks you are uploading an instant app. So stop zipping your APK, and just upload it to the Play Console as a ".apk" file.
While you are at it, I'd recommend using APK V2 signing - it gives much faster installation on modern devices.

Using several key aliases with Android Maven Plugin and Jarsigner

I'm a newbie to Maven and I need to set up a testing project for a complete Android device using Robotium, Android Maven plugin & Jarsigner.
In order to successfully deploy, install & run the tests on device, they would need to be signed using the same private keys the native apps (Eg. Contacts, Messaging, Camera...) on the device are using. Since there are several different keys, and it seems that the key aliases are defined in pom.xml-files (only one in each file in jarsigner configuration?), do I need to have multiple pom's defined in my project, or can they be defined elsewhere? The approach using multiple poms sounds hard to maintain.
Look at the morseflash example on how to set up signing. I am not sure I understand your question in terms of multiple keys and the native apps. You have to use your own key for your own app. And that is completely independent of any other app.

Issue Importing .APK into Eclipse

I created a .apk outside of Eclipse using tiggr mobile (http://gotiggr.com).
I have the downloaded .apk and need to sign it, so I thought about running it through Eclipse and then signing it that way.
I'm having the worst trouble importing it into Eclipse.
Does anyone have any other suggestions on signing this? I keep getting this message when uploading:
Market does not accept apks signed with the debug certificate. Create a new certificate that is valid for at least 50 years.
Market requires that the certificate used to sign the apk be valid until at least October 22, 2033. Create a new certificate.
Market requires the minSdkVersion to be set to a positive 32-bit integer in AndroidManifest.xml.
Thanks for your help!
It would be faster to get the source code into eclipse via retyping it than to try and unsign and explode the apk, edit the manifest, fool the tools and sign the package. The tools can be run at the command line anyways and eclipse would just make it harder.
One problem you have is that there are problems in your manifest. The market requires some attributes set in it that you did not need while doing developer builds. You can open up the apk with anything that will open a zip file. You can edit text files with notepad. You package them up with ant by recreating the build.xml by hand. The instructions for signing things are here:
Android Dev-Guide: Signing your Applications
But what a LOT of work... and I am guessing you will need to do this multiple times just for one release to get the manifest right. Then what do you do when you need to update your program?
Will the service not let you export the code in an easy to use way (because... wow... talk about evil)? Failing that cut and paste will save you time but you will almost certainly want to have it in eclipse or some IDE ready to make changes for your market release and build, package and to sign it.
That's not your issue. I suppose you compiled your app and now you're trying to publish it in the market. To do that, you need a private key, which in turn requires you to have an Android Market developer account.
Normally you can develop your app and install it on most devices, but you can't submit apps to Android Market without a developer account.
If what you really want is only to import your app to Eclipse, I suggest you create a brand new Android project and copy everything into it. It's easier and faster than adjusting everything!

Building the signing and release preparation of android apps into jenkins/hudson?

I've got a handful of side-project apps on the go at home, I've setup a Jenkins installation to check them out and build APKs, which I then transfer over to my handset and play around with.
I'm looking to release some of these freely on the market, so I need to sign them with a certificate and prepare the final APK.
Is it possible to do this from Jenkins? For example, could I have one build target that generates my "in development" APKs, and also have that target (or another) create the final APK files ready to go?
Any advice?
If the signing is possible to do automatically (by command line or similar), then the answer is "Yes".
There are several ways to achieve this, but firstly: Is there any good reason not to sign every build?
Signing every build would mean that you don't need any extra configuration to create a releasable artifact, and you know that what you test and what you deploy are the same things.
If you want to be selective about what builds you sign, two approaches come to mind:
Parameterized builds: These are environment variables that can be customized when you click Build now. You can add a flag that you later react on in a build step.
Add another job that picks up the artifacts from your main build job and signs them, using https://jenkins-server/job/jobname/lastSuccessfulBuild/artifact/ or one of the approaches here: How to access Hudson job1 artifacts from another job2?
The standard Android ant build file contains a release target. If started without further configuration, this will just build an unsigned apk. As Christopher pointed out, to do a signed build you can use key.store, key.store.password and key.alias, key.alias.password to configure your keystore and generate signed apks through the ant script. The documentation on this may provide further information on configuring the build.
Yes... the easiest way imho is to automate it with Maven Android Plugin. The samples project has the MorseFlash example I wrote in there that has the whole release process automated including jarsigning, zipaligning and proguard runs, switching between development and production config and more.
This can all be done on the command line and therefore on Hudson. Btw if you are interested I did presentations about Maven and Android as well as testing and CI for Android at AnDevCon and the slides are on my web site. http://www.simpligility.com
