Signing Your App
Perhaps the most important step in preparing your application for production distribution is signing it with a production signing key. While mistakes here may not be immediately apparent, they can have significant long-term impacts, particularly when it comes time for you to distribute an update.
Role of Code Signing
We digitally sign our apps to ensure that nobody tampers with those apps in ways that may harm the user.
App Updates
For example: you distribute your app with an application ID of com.awesomecorp.fun. What would stop somebody else from trying to distribute updates to that app, by shipping their own APK with the same application ID and a higher versionCode?
What prevents that is the digital signature. In order for an APK to be considered a valid upgrade for an installed app, it needs to:
- Have the same application ID
- Have a higher versionCode
- Be signed by the same signing key that signed the installed app
So long as nobody steals your signing key, and so long as there is no major breakthrough in falsifying digital signatures, only you can distribute updates to your app.
Tampering by Distributors
A related concern is whether your app distributor — Google, in the case of the Play Store — can modify your app before they distribute it.
If you sign your app, and you verify that the signature of the distributed app has not changed, then you know that the distributor did not change the app.
Conversely, if the distributor signs the app, then the distributor can do whatever it wants with the app. In effect, whoever signs the app really controls what the app is and does.
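One way to perform the check described above, comparing the signer of the build you signed against the copy the distributor serves. This is an added example, not code from the book; it assumes apksigner from the Android SDK build-tools is on your PATH, and the function names and sample output are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the book): check that a distributed APK still
# carries your signing certificate. Function names are hypothetical.

# Read the text printed by `apksigner verify --print-certs` on stdin and
# emit each signer certificate's SHA-256 digest, lowercased and sorted.
signer_digests() {
    sed -n 's/^Signer .*certificate SHA-256 digest: *\([0-9a-fA-F]\{64\}\).*$/\1/p' \
        | tr 'A-F' 'a-f' | sort -u
}

# Succeed only if both reports list the same, non-empty set of signers.
# An empty set fails: an unsigned or unparsable report is never a match.
same_signers() {
    ours=$(printf '%s\n' "$1" | signer_digests)
    theirs=$(printf '%s\n' "$2" | signer_digests)
    [ -n "$ours" ] && [ "$ours" = "$theirs" ]
}

# Compare two APK files: $1 is the build you signed, $2 is the copy
# downloaded from the distributor. Needs apksigner (Android SDK build-tools).
compare_apks() {
    ours_report=$(apksigner verify --print-certs "$1") || return 2
    dist_report=$(apksigner verify --print-certs "$2") || return 2
    same_signers "$ours_report" "$dist_report"
}

# Constructed sample of apksigner-style output for the digest given in $1.
sample_report() {
    printf 'Signer #1 certificate DN: CN=Constructed Example\n'
    printf 'Signer #1 certificate SHA-256 digest: %s\n' "$1"
}

if [ "$#" -eq 2 ]; then
    if compare_apks "$1" "$2"; then
        echo "same signing certificate"
    else
        echo "signer mismatch or verification failure"
    fi
fi
```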
This book is licensed under the Creative Commons Attribution-ShareAlike 4.0 International license.