viglacerabahien.com requires that all APKs be digitally signed with a certificate beforethey are installed on a device or updated. If you use viglacerabahien.com AppBundles, you need to sign only your app bundle before youupload it to the Play Console, and Play App Signing takes care of therest. However, you can also manually sign your app for upload to Google Play andother app stores.
Bạn đang xem: Xuất File Apk Trong Android Studio
This page guides your through some important concepts related to app signing andsecurity, how to sign your app for release to Google Play using viglacerabahien.com Studio,and how to opt in to Play App Signing.
The following is a high-level overview of the steps you might need to take tosign and publish a new app to Google Play:
If instead your app is already published to the Google Play Store with anexisting app signing key, or you would like to choose the app signing key for anew app instead of having Google generate it, follow these steps:
This page also explores how to manage your own keys for when uploading your appto other app stores. If you do not use viglacerabahien.com Studio or would rather sign yourapp from the command line, learn about how to useapksigner.Note: If you are building an Wear OS app, the process for signing the app candiffer from the process described on this page. See the information aboutpackaging and publishing Wear OSapps.
Play App Signing
With Play App Signing, Google manages and protects your app's signingkey for you and uses it to sign your APKs for distribution. And, because appbundles defer building and signing APKs to the Google Play Store, you need toopt in to Play App Signing before you upload your app bundle. Doing solets you benefit from the following:Use the viglacerabahien.com App Bundle and support Google Play’s advanced delivery modes.The viglacerabahien.com App Bundle makes your app much smaller, your releases simpler,and makes it possible to use feature modules and offer instant experiences.
Increase the security of your signing key, and make it possible to use aseparate upload key to sign the app bundle you upload to Google Play.Note: Opting in to Play App Signing applies for the lifetime ofyour app. In order to ensure security, after you opt in you cannot retrieve a copy of your app's signing key andyou can't delete it from Google's servers without deleting your app.
Play App Signing uses two keys: the app signing key and the uploadkey, which are described in further detail in the section about Keys andkeystores. You keep the upload key and use it to sign your appfor upload to the Google Play Store. By using a separate upload key you canrequest an upload key resetif your key is ever lost or compromised. Bycomparison, if you’re not opted in to app signing with by Google Play and youlose your app’s signing key, you lose the ability to update your app.
When you are ready to publish, you can sign your app using viglacerabahien.com Studio uploadit to Google Play. The key with which you sign your app becomes your app’supload key. Google uses the upload certificate to verify your identity, andsigns your APK(s) with your app signing key for distribution as shown in figure1.
If you do not already have an app signing key, you can generate one during thesign-up process.Note: When you opt in to Play App Signing, you aren’t able todownload the signing key from Google. If you want to use the same signing keyacross multiple stores, make sure to provide your own signing key when you optin to Play App Signing, instead of having Google generateone for you.
Your keys are stored on the same infrastructure that Google uses to store itsown keys, where they are protected by Google’s Key Management Service. You canlearn more about Google’s technical infrastructure by reading theGoogle Cloud Security Whitepapers.
When you use Play App Signing, if you lose your upload key, or if itis compromised, you can contact Google to revoke your old upload key andgenerate a new one. Because your app signing key is secured by Google, you cancontinue to upload new versions of your app as updates to the original app, evenif you change upload keys. To learn more, read Reset a lost or compromisedprivate upload key.
The next section describes some important terms and concepts related to appsigning and security. If you’d rather skip ahead and learn how to prepare yourapp for upload to the Google Play Store, go to Sign your app forrelease.
Keys, certificates, and keystores
When it comes to signing your app, it’s important to understand the concepts anddefinitions described below.
A public key certificate (.der or .pem files), also known as a digitalcertificate or an identity certificate, contains the public key of apublic/private key pair, as well as some other metadata identifying the owner(for example, name and location) who holds the corresponding private key.
When signing your app, the signing tool attaches the certificate toyour app. The certificate associates the APK or app bundle to you andyour corresponding private key. This helps viglacerabahien.com ensure that any futureupdates to your app are authentic and come from the original author. The keyused to create this certificate is called the app signing key.
You can download the certificate for your app signing key and your uploadkey from the app signing page in the Play Console in order to register yourkey(s) with API providers. The certificate can be shared with anyone.It does not contain your private key.
Every app must use the same certificate throughout its lifespan in order forusers to be able to install new versions as updates to the app. For more aboutthe benefits of using the same certificate for all your apps throughout theirlifespans, see Signing considerations below.
A certificate fingerprint is a short and unique representation of acertificate that is often requested by API providers alongside the package nameto register an app to use their service. The MD5, SHA-1 and SHA-256 fingerprintsof the upload and app signing certificates can be found on the app signing pageof the Play Console. Other fingerprints can also be computed by downloading theoriginal certificate (.der) from the same page.
The following are the different types of keys and keystores you should understand:App signing key: The key that is used to sign APKs that are installed on auser's device. As part of viglacerabahien.com’s secure update model, the signing key neverchanges during the lifetime of your app. The app signing key is private and mustbe kept secret. You can, however, share the certificate that is generatedusing your app signing key.
Upload key: The key you use to sign the app bundle or APK before youupload it for app signing with Google Play. You mustkeep the upload key secret. However, you can share the certificate thatis generated using your upload key. You may generate an upload key in one of thefollowing ways:If you provide the app signing key to Google when opting in your new orexisting app, then you have the option to generate a new upload key during orafter opting in for increased security.If you do not generate a new upload key, you continue to use your appsigning key as your upload key to sign each release.
Tip: To keep your keys secure, it’s a good idea to make sure your appsigning key and upload key are different.
Java keystore (.jks or .keystore): A binary file that serves as arepository of certificates and private keys.
Play Encrypt Private Key (PEPK) tool: Use this tool to export private keysfrom a Java Keystore and encrypt them for transfer to Google Play. Whenproviding the app signing key for Google to use, select the option toExport and upload a key from a Java keystore and follow the instructionsto download and use the tool. Alternatively, select the option toExport and upload a key (not using a Java keystore) to download, review,and use the PEPK tool’s open source code.
Sign your debug build
When running or debugging your project from the IDE, viglacerabahien.com Studioautomatically signs your app with a debug certificate generated by the viglacerabahien.comSDK tools. The first time you run or debug your project in viglacerabahien.com Studio, theIDE automatically creates the debug keystore and certificate in$HOME/.viglacerabahien.com/debug.keystore, and sets the keystore and key passwords.
Because the debug certificate is created by the build tools and is insecure bydesign, most app stores (including the Google Play Store) do not accept appssigned with a debug certificate for publishing.
viglacerabahien.com Studio automatically stores your debug signing information in a signingconfiguration so you do not have to enter it every time you debug. A signingconfiguration is an object consisting of all of the necessary information tosign your app, including the keystore location, keystore password, key name, andkey password. You cannot directly edit the debug signing configuration, but youcan configure how you sign your release build.
For more information about how to build and run apps for debugging, see Buildand Run Your App.
Expiry of the debug certificate
The self-signed certificate used to sign your app for debugging has anexpiration date of 30 years from its creation date. When the certificateexpires, you get a build error.
To fix this problem, simply delete the debug.keystore file stored in one ofthe following locations:~/.viglacerabahien.com/ on OS X and Linux C:\Documents and Settings\user\.viglacerabahien.com\ on Windows XP C:\Users\user\.viglacerabahien.com\ on Windows Vista and Windows 7, 8, and 10
The next time you build and run a debug version of your app, viglacerabahien.com Studioregenerates a new keystore and debug key.
Sign your app for release to Google Play
When you are ready to publish your app, you need to sign your app and upload itto an app store, such as Google Play. When publishing your app to Google Play,you should also opt in to Play App Signing. This section shows you howto properly sign your app for release and opt in to Play App Signing.
Generate an upload key and keystore
If you don't already have an upload key, which is useful when opting in to PlayApp Signing, you can generate one using viglacerabahien.com Studio as follows:In the menu bar, click Build > Generate Signed Bundle/APK.In the Generate Signed Bundle or APK dialog, selectviglacerabahien.com App Bundle or APK and click Next.Below the field for Key store path, click Create new.
On the New Key Store window, provide the following information for yourkeystore and key, as shown in figure 2.