Android APK signing/distributing rules

Summarizing the general rules around the APK signing.

• Customer usually has the signing keystore for deployment on Google Play.
• The unsigned APK will NOT install on any device and hence cannot be used for testing.
• Application can be signed in 3 different flavors depending on the need:

`assembleDevelopmentDebug` (debug Signed APK - Development flavor)
`assembleProductionDebug` (debug Signed APK - Development flavor)
`assembleProductionRelease` (release unsigned APK - For play store after customer signs).

• Flavors are based on the assumption that the app has defined them with the following blocks in build.gradle.

signingConfigs {
    debug {
        storeFile file('../certificate/debug.keystore')
    }
}

buildTypes {
    debug {
        applicationIdSuffix ".debug"
        debuggable true
        signingConfig android.signingConfigs.debug
    }
    release {}
}

productFlavors {
    development {}
    production {}
}

• Every APK that is submitted on the Play store needs to be digitally signed by a certificate (keystore). There are usually two types of keystores.

• debug.keystore debug.keystore is used to sign the application while distributing in debug mode. You will find this keystore in ~/.android/ folder on OSX and Linux. This is a standard debug keystore created by SDK tools with following predetermined credentials.

Keystore name: "debug.keystore",
Keystore password: "android", 
Key alias: "androiddebugkey", 
Key password: "android"

• release.keystore Before the application is submitted to play store, it must be signed using release.keystore. Once signed and uploaded, all the next releases MUST be signed by the same keystore. This is an essential requirement and not even God Google can restore your access if you loose it. The credentials for this keystore are (ideally) only available with the client. This keystore can generated by using keytool. keytool is a Java utility which manages a keystore (database) of cryptographic keys.

$ keytool -genkey -v -keystore my-release-key.keystore
  -alias alias_name -keyalg RSA -keysize 2048 -validity 10000

• The keystore has 3 private keys associated with it, keystore password, key alias, and key password. When the above command is executed, it asks for the new credentials and generates my-release-key.keystore.

• For uploading the APK on play store, the following images should help.

  
  

view raw APK_Rules.md hosted with ❤ by GitHub

Change the name of remote git branch

Warning: Reader is strongly encouraged to take a backup of the local repository before performing the steps mentioned in this post.

This post is intended to guide the reader about how to change the name of a remote branch in Github. Suppose there is a branch named feature/branch_a, and it is to be renamed to test/branch_a. The initial remote and local repositories may look something like this:

Remote:



Local:


* Command(s):
-  git branch -v (Shows a list of all branches, with current branch highlighted)

With the branch feature/branch_a checked out, create a new branch with the name test/branch_a.


* Command(s):
-  git branch -v (Shows a list of all branches, with current branch highlighted)

-  git checkout -b test/branch_a (Creates a new branch and at the same time switches to the branch)

Push the branch on the remote server, and then delete the older branch from both remote and local repositories.


* Command(s):
-  git push --set-upstream origin test/branch_a (link locally create branch to the remote server, and push it)
-  git push origin :feature/branch_a test/branch_a (Deletes branch from remote and replaces it with the new one)

That is it! You are good to go.



Enjoy!