The CommonsBlog


Letting Others Sign Your Apps is Short-Sighted

UPDATE: This post has major flaws regarding the behavior of Google Play App Signing. This page remains up with strikethroughs, but the post has been pulled from the blog in all other respects. I apologize for the mistakes.


Today, Google announced that, in ten days, owners of Android 2.1 and older devices will no longer be able to use the Android Market. Android veterans will recognize the “Android Market” name as the predecessor to the Play Store. From a practical standpoint, this is not a surprising decision on Google’s part, and I expect many developers will either yawn or joke about old Android versions.

And yet, this is a great illustration of why, IMHO, it is stupid to allow others to sign your apps (e.g., what happens if you opt into Google Play App Signing).

With the large number of Android developers out there, undoubtedly some will want to continue supporting Android 2.1 and older devices. Perhaps that is the type of device that they use themselves, or they know people with such devices. Perhaps they recognize that not everybody is in position to upgrade, just as not everybody is in position to get off of Windows XP or Windows 7. And so on.

These developers can start publishing their apps through some other channel, including self-distribution. So long as the APK is signed by the same signing key, existing users should be able to get updates from wherever. So, if Google is going to abandon Android 2.1 and older, while that is a headache for affected developers and users, it is merely a headache.

But what if Google Play App Signing had been the recommended option from the beginning? The APKs are signed with a Google-generated signing key, one that the developer does not have and cannot get.

Now developers would have to figure out how to get a Google-signed APK out to people by means other than the Play Store. I have not read the terms and conditions of Google Play App Signing, but it would not shock me if pirating your own app is considered a violation. Developers could instead publish a separate app under their own signing key to Android 2.1 and older devices, but then existing users have to migrate to this new app, possibly losing data along the way.

We have seen this sort of external signing before. Once upon a time (and perhaps to this day), Amazon would repackage your app with DRM-style protections and re-sign it as part of delivery through the Amazon AppStore for Android. If Amazon decides to drop certain users, you’re in trouble.

As a developer, you need to avoid anything that can unilaterally block your ability to deliver your app and its updates to your users. Distributing your app through the Android Market/Play Store is an option, and so long as you have other options, particular policy decisions that Google might make are not show-stoppers.

Now, some of you who have read to this point are probably dismissing this whole issue, on the grounds that you really do not care about people with old Android devices. Tactically, that’s fine. Strategically, though, Google’s decision to drop the Android Market is merely an example — Google can make any decision it wants, and those decisions might cut you off from certain of your users.

Google has left certain markets for certain services due to court rulings and legislation. For example, Google closed down Google News in Spain as a result of a “Google News tax” imposed by the government. There is little stopping Google from deciding to stop supporting the Play Store in certain countries for similar reasons. That would cut you off from the ability to update users in those countries… unless you can get a properly-signed app to them by other means.

Another scenario involves China. Suppose that Google decides to change its policies in order to be allowed to operate in China again. It is well within reason that China will demand that Google block people from Google services based upon government criteria. If that extends to the Play Store, some of your users might stop receiving app updates because they “got on a list” sometime after obtaining your app. Worse, once this sort of filtering system is in place, it becomes easier for Google to apply it in other places, for whatever justifications that Google management decides. Some of your users might find that they “got on a list” for other reasons, having little directly to do with China. The big picture is the ethics of this sort of filtering. More narrowly, as with the Android Market closure, you get cut off from some of your users, because Google (and China) said so.

Having the ability to sign your own APKs gives you greater flexibility in the face of policy changes in your app distribution channels, the Play Store first and foremost due to its near-monopoly status. Personally, I would not distribute apps through a channel that would sign your APKs on your behalf. You are welcome to do what you wish, but think it through.

Besides, one of the touted benefits of Google Play App Signing is the possibility that you lose your signing keystore. If you are not regularly backing up your development machine… you have bigger issues.


Do you need a book on Android app development, but are having trouble finding one that is new enough? Try The Busy Coder’s Guide to Android Development!