Creating APKs That Can't be Uploaded

Hey guys,

So I'm making an app for an OEM :-D They want to have the app pre-installed on their devices which is fine, but I'd rather they didn't also uploaded the apps to the Play Store and of course I have no way to know whether they're trustworthy at this point...

So my question is whether or not there's a way I can create an APK that can't be uploaded to the Play Store. I was thinking that if I used the same key as one of the apps I already have there then that might do it... would that work? And is there another way?

Thanks a lot all, hopefully this hasn't already been asked elsewhere but I couldn't find anything.

I was thinking that if I used the same key as one of the apps I already have there then that might do it... would that work?

Click to expand...

No. There is no problem with signing many apps with the same key. You can sign your app with the debug key. Such APKs cannot be uploaded.
Though they can rebuild the APK and sign it with their own key.

Another option is to upload a draft application with the app package name. They will not be able to upload the APK without changing the package name which is pretty difficult.

Brilliant, thanks a ton that's perfect :-D I don't think these guys are particularly code-savvy, so I'll use both those methods and hopefully that will keep my work safe

Instead of fiddling with debug keys, which might disrupt certain security software (they tend to scan for applications with keys like that), why not make it so that the market manifest parameters, like screen size, are all false? These fields are ignored when preinstalling, but if they manage to upload the app to Play, only clients that are eligible to install it will be shown the app in the first place - and nobody will be eligible to install it.

Alternatively, just include in your contract that you will not permit them to upload it to any distribution networks, and if they do so, it's a breach of contract. But that's the more law and trust oriented method.

That's genius thank you! And yeah I was having difficulties with the debug key as I'm using the maps API. This is a smart system.

Lol I do like the idea of going the trust route, but that's the problem with the web. These guys are halfway across the world and I can't really afford a lawyer!

Thanks again for your help all