Android Apps are required to have a key before they can be submitted to online distribution markets. The key provides security for your app as
it authenticates you as the owner of the app and if you want to make updates to your app the key serves as a verification tool for this purpose.
The key is usually added once you've completed the app, and are ready to distribute it, although
you can add the key anytime you like while making your app. Basically, the app has one signed key, and the distribution market has the other. When you send them an
update for your app, they match the keys to authenicate both the app and you as the owner of it.
Before you can add the key to your app, you must create a 'keystore'. This is the folder that will contain the keys for each app you make. You can name the folder as you like
although a pre-named directory and directory location is usually populated automatically in AIDE. Just use your backspace key if you want to use a different directory or name than what's shown.
You can also add an 'alias' name for your app which is good especially if your developing more than one app. Make a note of your app's particulars especially the directory location of
the keystore and your password.
In AIDE and Android Studio, you can create a keystore and add a signed key to your app.
Creating a Keystore in AIDE
You only need to create the 'keystore file' one time. Then you need to Specify the
Directory Location of the keystore for each app you want to add a key to.
As shown in these images, to create your 'keystore file',
From the right side menu in AIDE;
Choose 'Settings' - then 'Build and Run';
Then click to checkmark at 'Custom Keystore';
Then choose - 'Create Keystore File';
The Form to enter your info then populates; fill in the required info and your developer info;
Fill in a Password and Confirm Password; (if one is already populated backspace to erase and put in your own);
When the form info is completed, click 'Create', to create your keystore file.
TO SIGN YOUR APP - SPECIFY FOLDER OF KEYSTORE
Now that you created your 'keystore', you can assign a key to your app(s).
The key is added to your app during the build process(when you RUN your app). To add the key and sign your app:
Leave the Checkmark at the 'Custom Keystore';
Next, choose the 'Keystore File',(specify the keystore file used
for signing APKs during build) prompt;
When the form populates, just enter in the directory location of your Keystore File that you created Click OK. Next, RUN your app.
During the app build process,
your signing key is added to the app and added to the keystore file.
Public Key - Certificate Key
In the following image, you can see both the Public Key and the Certificate Key.
The keys are actually just a bunch of numbers and letters. The Public Key, is also known as the apps' Signing Key, Public Key and Public Key Certificate.
This key should not be given to any person or service providing free APIs for you to use in your app.
And, the Certificate Key is also important to your app(apk), and it is generated from the signing key.
This key can be given to services that offer free APIs for you to use in your app(s).
In the image shown, also make note of the valid from and to dates. Basically this defines the life years of your app. Usually 25-35 years is most common to use. And, at some distribution markets
a minimum number of years is required like 30 or 40, but otherwise, you can choose whatever time frame you like.
Creating Your Keystore in Android Studio
Creating a key for your app in Android Studio differs somewhat from AIDE. Here you provide two passwords, one for the keystore itself, and also one for the key for the app your signing.
Make a note of your passwords and the directory location of your keystore.
To create your keystore in Android Studio:
From the Menu bar
Click Build>Build>Generate Signed (Bundle) Apk;
Then Select Android APk, Click Next;
At field of Key store path click Create New;
Then at the New Key Store window enter required info;
Enter a Password for the Keystore;
Enter a Alias Name for the key;
Enter a Password for the key;
Click the Export encrypted key
if your opting in to Google Play Key Signing
In the window, choose the Destination Folder for your signed app, and select the Build Type Click Finish
To read a detailed guide Signing Your App Using
Using Google Play Key and Amazon Key
As you submit your new apps to various appstores you will find that some prefer to use their own method of signing your app before distributing them.
Here we will mention the key signing of Google Play Appstore and Amazon AppStore.
At Amazon Appstore your app key is removed and replaced with Amazon's own distribution key. To do this, they use the MD5 and SHA values from your app's signatures, and a
new key is created. If you use Amazon Appstore, this key is provided automatically for you. This same key is used for all your apps in the appstore.
At Google Play Appstore they allow you to use your own signed app key; although they prefer you use theirs.
At Google Play AppStore they use two keys. One for uploading your app(Upload Key) and the other for distributing your app(Distribution Key)
If you want to use the key that you signed your app with it becomes your 'Upload Key', and this same upload key must be used for the life of your app including any and all updates you want to make.
If you lose or your
upload key is compromised you cannot send updates to your app; and if you give your app a new signed key;(upload key) then it must be re submitted as a 'New App', thus
you lose all your ratings on Google Play, and the 'New App' must also be submitted using a new Package Name.
If however, you opt-in to Google's Play app signing service (included with your $25 US membership) and you have their 'Upload Key', and it is lost or compromised, Google
will simply give you another one, and you continue to send updates as you did previously. You don't lose any of your Google ratings; and you don't have to submit a new app
with a new package name.
This is why Google recommends and prefers you use their app signing service. Also at Google, your apps' validity (life of app in years) must be at least 34 years.
To read a detailed guide about
App Signing at Google Play
APK ANALYZER TOOL
An APK Analyzer tool is useful for developers as it allows you to view your apk files on your device, export or share your app apk file, and provides additional info about your app apk
such as Public key, Certificate Key,
MD5 value, SHA values, app name, package name, first install date of app, SDK of app, version of app device,
developer name, organization name, address, city, country.
And some free API services require the app's (apk) Certificate Key for allowing you to use their APIs in your app. By using the APK Analyzer tool you can easily find
the Certificate Key for any app you've developed.
You can find many free and paid APK Analyzer tools on Google Play and Amazon.
This one is free with in app advertising, and provides for Sharing and Exporting of APK files.
APK Analyzer Tool