Plan Your Production Keystore Strategy

Of course, the first rule of Android development is: back up your production keystore.

:: insert obligatory Fight Club reference here ::

However, there is more to planning out your production development work than merely having an adequate backup regimen. You also need to think about who needs that production keystore.

This might seem simple. For solo development efforts, only the developer needs the keystore. For teams, whoever (or whatever) is responsible for creating the production APK builds needs the keystore. And, so your apps do not get accidentally hijacked, open source projects need to ensure that the world does not have the production keystore (i.e., don’t put it in version control).

However, there are other scenarios to consider:

  • What about a consultant?

  • What about an employee, creating an Android app for an employer, in addition to creating other apps on personal time?

  • What if you want to sell your app’s rights to somebody else?

In these cases, saying that there is a single production keystore is probably not the best answer. My general recommendation is:

Whoever owns the APK needs to own the keystore that signed that APK

Hence, in the case of the consultant, use individual keystores per client, or possibly per app. That way, the client can own the keystore(s) associated with the apps they hired the consultant to create, and if the client elects to go elsewhere for maintenance, they can.

In the case of the employee, please don’t use a personal keystore for business work. Generate a second keystore to use at the office. It’s not like they cost anything.

If you are making a line of apps, and you think that there might be a case where one is a hit and you wish to sell the rights to that one app (versus selling the whole business), you might consider using individual keystores per app. That way, when you sell rights to the app, its own keystore can go along for the ride.

I am sure that there are other scenarios as well – these are just three. Just make sure that you do not wind up in a situation where multiple businesses need rights to the same keystore, as that can get messy quickly.

Oh, and, please back up your keystores. You’ll thank me later.
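
One way to act on the "don't put it in version control" advice above, as an added example that is not part of the original post: a POSIX shell check that finds keystore files in a source tree by content, so that a renamed keystore is still caught. The function names `keystore_type` and `scan_for_keystores` are this example's own.

```shell
#!/bin/sh
# Added example: find Java/Android keystores in a source tree so they can be
# kept out of version control. Function names are this example's own.

# Print the keystore format of file $1, or nothing if it is not a keystore.
keystore_type() {
    # First four bytes as lowercase hex, e.g. "feedfeed".
    magic=$(od -An -tx1 -N4 "$1" 2>/dev/null | tr -d ' \t\n')
    case "$magic" in
        feedfeed) echo "JKS";   return 0 ;;   # JKS magic number
        cececece) echo "JCEKS"; return 0 ;;   # JCEKS magic number
    esac
    # PKCS#12 (keytool's default since Java 9) is DER and has no magic of its
    # own, so require a keystore-style name plus a leading SEQUENCE tag (0x30).
    case "$1" in
        *.p12|*.pfx|*.jks|*.keystore)
            case "$magic" in 30*) echo "PKCS12" ;; esac ;;
    esac
    return 0
}

# List keystores under directory $1 (skipping .git) as "TYPE<TAB>path".
# Returns 1 if any were found, so a hook or CI step can fail on it.
scan_for_keystores() {
    hits=$(find "$1" -name .git -prune -o -type f -print |
        while IFS= read -r f; do
            t=$(keystore_type "$f")
            if [ -n "$t" ]; then printf '%s\t%s\n' "$t" "$f"; fi
        done)
    if [ -n "$hits" ]; then
        printf '%s\n' "$hits"
        return 1
    fi
    return 0
}
```

Source the file and call `scan_for_keystores .` from a pre-commit hook or CI step; a non-zero return means a keystore is sitting in the tree.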