Skip to content

Detailed information on keystore generation, APK alignment, and APK signing.

License

Notifications You must be signed in to change notification settings

community-web-service/APK-Signing-Guide

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits
 
 
 
 
 
 
 
 

Repository files navigation

APK-Signing-Guide

Detailed information on keystore generation, APK alignment, and APK signing.

Read the guide here.

To-Do

  • Explain how a public key is stored within a certificate.
  • Explain how APK signature validation works.
  • Add instructions for how to install and configure both JDK and Android SDK Build Tools
  • Consider adding a tl;dr section
  • Determine if Android API Level >= 24 with APK Signature Scheme v2 supports MD5, SHA1, and SHA384.
  • Explain why it is important to use secure hash functions and key algorithms when signing APKs
    • Future proofing against depreciation.
    • Prevention of collision attacks.
  • Explain different hash functions and key algorithms.
  • Note that apksigner can accept a keyfile and a certificate file in place of a keystore.
  • List additional apksigner commands.
  • Explain how to generate a debug keystore.
  • Consider adding examples.
  • Detail z flag for zipalign.

Releases

No releases published

Packages

No packages published