Android Tutorial Signing your application before uploading to Google Play

Status
Not open for further replies.
The result of compiling your application is an APK file. This is a package file that contains the compiled source code and the assets files.
The APK file must be signed before installation. Signing the file means that it is not possible to later modify it without the private key that was used to sign the file.
Android devices will not install an unsigned APK file.

Basic4android uses a default "debug key" to sign applications. This key is fine during debugging. However Android market doesn't accept APK files signed with this key.
You need to create your own private key.
Fortunately it is pretty simple to create such key.
Choose Tools - Private Sign Key

sign_1.png


This dialog allows you to create a new key, load an existing one or to use the debug key.
Keys are stored in a keystore file.
It is not possible to access such a file without its password.

Once you created a new keystore file, Basic4android will use this key for all your projects.
You should be very careful with this file. If this file gets lost you will not be able to update your applications in the market. You will need to publish updates as new applications.
It is impossible to recreate a lost keystore file.
Therefore it is recommended to backup this file.

In the IDE, when you reinstall an application and use a different key, you will see this message:
sign_2.png


Pressing yes will uninstall the previous application and install the new one.
 

Chris_MobileApp

Member
Licensed User
Longtime User
Welcome then. Just saw that you registered yesterday...

Welcome to this great community
thank u..BUt i am facing too many problems..one of them is admob...I copied admob version 1.40 and googleadmob sdk in library folder..I know google admob sdk is not available for download separately these days.but i downloaded the old one from somewhere and renamed and so on.code is also all fine i guess..but i dont see any ads on phone.
 

Chris_MobileApp

Member
Licensed User
Longtime User
thank u..BUt i am facing too many problems..one of them is admob...I copied admob version 1.40 and googleadmob sdk in library folder..I know google admob sdk is not available for download separately these days.but i downloaded the old one from somewhere and renamed and so on.code is also all fine i guess..but i dont see any ads on phone.
AdView1.Initialize2("Ad", "ID/ID", AdView1.SIZE_SMART_BANNER)
Dim height As Int
If GetDeviceLayoutValues.ApproximateScreenSize < 6 Then
'phones
If 100%x > 100%y Then height = 32dip Else height = 50dip
Else
'tablets
height = 90dip
End If
Activity.AddView(AdView1, 0dip, 100%y - height, 100%x, height) ' bottom banner
AdView1.LoadAd 'loads an ad
AdView1.Enabled = True
AdView1.Visible = True
 

Olivier_G

New Member
Licensed User
Longtime User
Hi, now I have a new PC with Windows 8.1
I installed B4A V.4.30
Now when I try to sign Apk I have this message box:
"Cannot overwrite existing file"
(This is apk was signed with my old PC Windows 7)

Why ?

(Excuse my bad english)
 

Olivier_G

New Member
Licensed User
Longtime User
This ?

B4A version 4.30
Parsing code. 0.09
Compiling code. 0.22
Compiling layouts code. 0.01
Generating R file. 0.17
Compiling generated Java code. 2.28
Convert byte code - optimized dex. 1.34
Packaging files. 0.34
Copying libraries resources 0.00
Signing package file (debug key). 1.01
ZipAlign file. 0.10
Installing file to device. 10.39
Device serial: emulator-5554
Completed successfully.
Code editor is in read-only mode during debugging.
Press Debug - Stop (or on the Stop button at the bottom) to stop the debugger.
 

Olivier_G

New Member
Licensed User
Longtime User
When I try to import it into Google Play, I have:

Import failed.

You have imported an APK file with a debug mode signature. You must create an APK file with a signature output version mode.
 

thehe

Member
Licensed User
Longtime User
I used same Sign-key for may applications
Spell1, spell2, splell3 . . . with different icons.
I chose same private-key for each application.
When copying all .APK s to my device, I installing them, but the latter overrides previous one.
How to make them separately?
 

fbot

New Member
Licensed User
Longtime User
hi Erel
i have a problem when i compile my app.
In the compile box show me this message :

B4A version 4.30
Parsing code. 0.00
Compiling code. 0.09
Compiling layouts code. 0.00
Generating R file. 0.12
Compiling generated Java code. 1.44
Convert byte code - optimized dex. 0.54
Packaging files. 0.26
Copying libraries resources 0.00
Signing package file (private key) 1.25
ZipAlign file. 0.13
Installing file to device. 0.25
Installing with B4A-Bridge.
Installation will fail if the signing key is different than the previous used key.
In that case you will need to manually uninstall the existing application.

Completed successfully.

and my app not install in the phone.

where is the problem ?

excuse my bad English I hope you understand.

my phone is nexus5 with android 5.1

b4a paths configuration is this :
javac.exe = C:\Program Files (x86)\Java\jdk1.7.0_79\bin\javac.exe
android.jar = C:\Users\user\Desktop\Android\platforms\android-22\android.jar

b4aV0.1 =
Left=0
Top=0
ClientSizeWidth=1351
ClientSizeHeight=670
FontName=Courier New
FontSize=10
FontBold=False
WindowState=False
TabSize=4
WordWrap=False
AutoSave=True
TvSubsWidth=228
ShowToolTips=True
CompileMode=2
NumberOfRecentFiles=1
DesignerTopMost=False
RemoteCompilationMode=False
TestCompileWhenSaving=True
ClearLogsWhenSaving=True
DisplayHexValues=True
RecentFile1=C:\Users\user\Desktop\app_nolo_auto\AT autonoleggio.b4a
MaxRamForDex=512
UseOptimizedDexer=True
OptimizedDexerPort=42409
DesignerDesktopPort=36728
DesignerDevicePort=5000
ProcessesTimeoutSeconds=60
SignKeyFile=C:\Users\user\Desktop\keyb4a.keystore
SignKeyPassword=********
DebugDesktopPort=12121
BackgroundGuiThreadInterval=1000
SignKeyAlias=b4a
PlatformFolder=C:\Users\user\Desktop\Android\platforms\android-22
ToolsFolder=C:\Users\user\Desktop\Android\tools\
JavaBin=C:\Program Files (x86)\Java\jdk1.7.0_79\bin
AdditionalLibrariesFolder=
SharedModulesFolder=
SavedIp1=192.168.1.25

tanks.
 

DonManfred

Expert
Licensed User
Longtime User
Installation will fail if the signing key is different than the previous used key.
Do you have two B4A installations? This happens when you are using different sign keys on your both development machines.
The app already installed is signed with another key then the one you actually want to install. Use the same key on all your developmentmachines. ONE Key for all your Apps.
 

Bob Sabrook

Member
Licensed User
Longtime User
Stupid question of the year :)

Whilst I understand the basic aim of signing is to identify the origin of my app,
I am unsure of the theory of how the keystore [and its password] is used.
a) is the keystore a source component used to hold the private key and origin details under password protection?
b) is a distributed certificate generated (not containing the private key) from the keystore and embedded in the apk file?

I understand that the public key can decrypt something that was encrypted with a related private key.
In this way the public key is used to authenticate my apps privately encrypted origin details.
That suggests - in the apk file - we only need to publicize the public key and origin details encrypted with the private key.
We do NOT need to distribute the password protected private key.

Anyway, I found that it is NOT possible to re-create an identical keystore with the same details and password - because the creation TIME is different. This begs the question; what is the point of the keystore password? I presume it hides my private key from anyone already accessing the source code, yet the exact instant of the certificate to re-create would seem to be needed too, somehow.

Any references to simple explanations and diagrams on the interplay between the keystore, password, date/time and apk file would be gratefully appreciated. The internet is awash with "how to" snippets, I am loosing sight of why :).
 

Bob Sabrook

Member
Licensed User
Longtime User
Erel, many thanks, really appreciate you taking the time to help out, and it does help a lot.

This Wiki on APK files helped too,
https://en.wikipedia.org/wiki/Android_application_package
it shows that APK files are zip archives and they do contain a certificate with many other resources. So you can peek inside your.apk file by naming a copy to your.apk.zip and letting your operating system show you the files inside.
 
Last edited:

jjmairena

Member
Licensed User
Longtime User
hello friends attempt to raise my apk playstore but tell me ... You uploaded an APK that is not aligned . You must execute an alignment tool archives ( zip aligned ) in your APK and re-upload .
 

avrtech

Member
Licensed User
Simple and clear tutorial, as a beginner in Basic4Android keystore I generated without any problem.

It works great.
 

Emerito

Active Member
Licensed User
Longtime User
Intento subir una app a Google, pero da el siguiente error, He usado Tools -> Private Sign Key, El nombre es: DeCaza.apk
upload_2017-2-9_10-22-48.png
 
Status
Not open for further replies.
Top