This question already has answers here:
Can I use the same keystore file to sign two different applications?
(7 answers)
Closed 6 years ago.
I have always used the same keystore and the same alias key for all published apps...
Is this the right choice, or should I use a different alias for each published app?
I haven't found really clear information about the right use of a keystore.
The keystore file, or the signing of apps, represents that some developer or company certifies that the application has been developed or verified by that particular company or developer, not the application itself.
So, as long as you are developing the app under the name of your company, or your own, you should sign the app with the same keystore, though it is not mandatory.
You can use the same keystore for signing multiple applications.
There is no need to create a new keystore file again and again.
You can follow this for reference.
Sharing a keystore between multiple applications is a bad idea and isn't very secure.
API Consoles that use a keystore for identification can get messy.
If one app keystore is compromised, all apps are compromised.
It's my first time building an Expo app and I'm just now getting to the build/publish process where Expo asks about generating or uploading a Keystore. My coworker has built and published the app once already, so my question is: do I need to use the same Keystore that was generated when he built it, or do I generate another one? Are Keystores app specific or user specific?
This is the link where you can get detailed information.
My coworker has built and published the app once already so my
question is, do I need to use the same Keystore that was generated
when he built it?
The answer is: yes, you need to use the same keystore, as the app is already
published in the Play Store. Otherwise you are not able to update the
current app in the Play Store.
A KeyStore, as the name suggests, is a store of keys. A KeyStore is for one developer, who uses encryption for his work, which may be several apps. If he trusts you, the simple way is to give you the Keystore and the passwords for all the required apps.
There can be more than one private key in one Keystore, and for security he may decide not to give it to you! So what you really need is the private key for that particular app; you may not need the whole Keystore from your coworker. So, to secure your apps, you are not advised to give the whole keystore and passwords to another person, except maybe if it is really worth it. You can check the advice from official sources in Android Studio's Signing Your App and the training on Keystore.
HERE IS WHAT YOU HAVE TO DO
You need to tell your coworker to export the key for that particular app so you can import it into your own Keystore. Check the answer to a similar question here, where the command line looks like:
keytool -importkeystore -srckeystore keystore.jks -destkeystore keystore.p12 -deststoretype PKCS12 -srcalias ALIAS -deststorepass PASS -destkeypass PASS
You can also consider using the KeyStore Explorer tool to do the export and related tasks.
But you should also consider using Google Play App Signing, as explained in that link; it may also simplify the management of your apps and secure it without using your personal Keystores.
When you use Google Play App Signing, if you lose your upload key, or if it is compromised, you can contact Google to revoke your old upload key and generate a new one. Because your app signing key is secured by Google, you can continue to upload new versions of your app as updates to the original app, even if you change upload keys.
But if you and your coworker do similar projects, are team members and trust each other, the easiest way is for him to give you the Keystore and the necessary passwords.
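The single-alias export described in the answer above, written out as an added example (not part of the original answer) that also checks the result: the hand-off file must contain only the requested alias, and its certificate must match the one in the source keystore. It assumes the JDK's `keytool` and `sha256sum` are on the PATH; the keystore file names, the aliases `app_one`/`app_two` and the passwords are constructed demo values, passed through keytool's `:env` modifier rather than as command-line literals.

```shell
#!/bin/sh
# Added example: passwords, aliases and file names are constructed demo values.
export SRC_PASS='demo-src-pass' DST_PASS='demo-dst-pass'

# Build a throwaway keystore holding two app keys (stands in for the coworker's).
make_demo_keystore() {
    for a in app_one app_two; do
        keytool -genkeypair -keystore "$1" -storetype JKS -alias "$a" \
            -storepass:env SRC_PASS -keypass:env SRC_PASS \
            -keyalg RSA -keysize 2048 -validity 10000 \
            -dname "CN=$a demo" >/dev/null 2>&1 || return 1
    done
}

# Copy ONE alias ($2) from keystore $1 into a new PKCS12 file $3.
export_alias() {
    keytool -importkeystore -noprompt \
        -srckeystore "$1" -srcstorepass:env SRC_PASS -srcalias "$2" \
        -destkeystore "$3" -deststoretype PKCS12 \
        -deststorepass:env DST_PASS -destkeypass:env DST_PASS >/dev/null 2>&1
}

# Alias names of the private-key entries in keystore $1 (password variable name $2).
key_aliases() {
    keytool -list -keystore "$1" -storepass:env "$2" 2>/dev/null |
        sed -n 's/^\([^,]*\),.*PrivateKeyEntry.*/\1/p'
}

# SHA-256 of the DER certificate under alias $3 in keystore $1 (password variable name $2).
cert_fp() {
    keytool -exportcert -keystore "$1" -storepass:env "$2" -alias "$3" 2>/dev/null |
        sha256sum | cut -d' ' -f1
}

# Succeeds only if export $2 holds exactly alias $3 and its cert matches source $1.
verify_handoff() {
    [ "$(key_aliases "$2" DST_PASS)" = "$3" ] &&
        [ "$(cert_fp "$1" SRC_PASS "$3")" = "$(cert_fp "$2" DST_PASS "$3")" ]
}

# Run with the argument "demo" to exercise the whole procedure in a temp directory.
if [ "${1:-}" = demo ]; then
    d=$(mktemp -d) && make_demo_keystore "$d/team.jks" &&
        export_alias "$d/team.jks" app_one "$d/handoff.p12" &&
        verify_handoff "$d/team.jks" "$d/handoff.p12" app_one && echo "handoff OK"
    rm -rf "$d"
fi
```

The matching fingerprint is what matters for updates: the store accepts a new version only when it is signed with the same certificate as the published one.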
I have 15 Android apps to build and host (and update in the future).
Each app has a unique package name.
5 apps will be hosted on one Google Play account.
The other 10 will be on 10 individual customer accounts.
I don't want a link between the apps, and want to be able to update them separately in the future.
Question: Can I use 1 keystore for all? Or will I need a unique keystore for each app? Will this affect the update process in the future? Or do I just need to keep the package name the same to make sure of a successful update?
In theory, you can use the same keystore to sign all the applications. In practice, however, it would be good to use individual keystores per developer account. The reason being, they belong to different customers and in future, if somebody else has to update the apps (not you), then you will have to either supply the keystore to the customer or update the application by signing with a different keystore. Both of these can be problematic.
There is no backup of the Android keystore used on an app in the Play Store, but there is a backup of the passwords.
Is it possible to recreate a valid keystore somehow, perhaps by decrypting an APK?
I also don't know the "First name", "Last name" and "Organization" of the keystore.
No, you cannot recreate a keystore and there is no way to upload an update that has been signed with a different keystore. I ran into this problem a few years ago and I know other devs who have as well. There is simply no good way to fix it. I learned to keep several copies of my keystore in several different locations in case anything ever happened again!
This question already has answers here:
How to build an APK file in Eclipse?
(12 answers)
Closed 2 years ago.
I finished my Android app now and I want to upload it to the Android Market. I have already bought the Android license to upload; I just want to know now what I need to do with my app. I heard you need something signed and you need some key. I can't remember all I heard, but is there some complete guide for this or something I can read when I want to make my application into an .apk and upload it to the Market? I'm interested in a full guide so I might learn how it works for the future.
I did search the web before for this, but the guides on how to do it were so unclear. They didn't help me much at all.
The Android publishing guide explains this step by step. You must sign your app with your private key and generate the signed .apk file, as explained in the linked guide.
The easiest way is to use Eclipse to sign your application. During the signing process you will be prompted to create a password. Make sure you write this down as you will need this to sign updates to your app. Once you've signed your APK, sign into the Android market (http://market.android.com/publish) and upload your binary.
Here's information on signing
http://developer.android.com/guide/publishing/app-signing.html#releasemode
Also, DO NOT lose the keystore file you need to create when signing your app. Without the original keystore file you will not be able to update your app to a newer version, because you won't be able to upload a newer version if it was not signed with the same certificate.
This question already has answers here:
Closed 11 years ago.
Possible Duplicate:
I lost my .keystore file!
I have lost the old keystore for an Android app published on the Market. I don't want to republish it with a different package.
Can I get the old certificate from the original signed old APK?
Can I sign the APK with multiple keystores?
No, public-private key security mechanisms are set up specifically to avoid being able to reconstruct the certificate.
If you've lost your keystore then you're basically stuck.
Always backup your keystore and store it in a secure place (or places).