Recommendations on resigning apk












0















We have an external vendor who develops an android app for our organization. We want the apk to be signed with our organizational signature, not the vendor signature, when releasing the app to play store. what are the best recommendations on re-signing the android apk?






android apk vendor







share|improve this question


















  • 1





    You have to sign the apk with the same key every time you do an update. Im not sure if you can change the info on an existing key. If you lose the key you can not do updates

    – JRowan
    Nov 19 '18 at 21:20











  • If we were to release the apk to play store, what should we be expecting from the vendor?

    – Lucky
    Nov 19 '18 at 21:36











  • Definetly the project with all the files. Android studio the would give you a zip file probably. And the signing key. There are a bunch of different ways to sign these days i think but there should be a signing key

    – JRowan
    Nov 19 '18 at 21:39
















0















We have an external vendor who develops an android app for our organization. We want the apk to be signed with our organizational signature, not the vendor signature, when releasing the app to play store. what are the best recommendations on re-signing the android apk?






android apk vendor







share|improve this question


















  • 1





    You have to sign the apk with the same key every time you do an update. Im not sure if you can change the info on an existing key. If you lose the key you can not do updates

    – JRowan
    Nov 19 '18 at 21:20











  • If we were to release the apk to play store, what should we be expecting from the vendor?

    – Lucky
    Nov 19 '18 at 21:36











  • Definetly the project with all the files. Android studio the would give you a zip file probably. And the signing key. There are a bunch of different ways to sign these days i think but there should be a signing key

    – JRowan
    Nov 19 '18 at 21:39














0












0








0








We have an external vendor who develops an android app for our organization. We want the apk to be signed with our organizational signature, not the vendor signature, when releasing the app to play store. what are the best recommendations on re-signing the android apk?






android apk vendor







share|improve this question














We have an external vendor who develops an android app for our organization. We want the apk to be signed with our organizational signature, not the vendor signature, when releasing the app to play store. what are the best recommendations on re-signing the android apk?






android apk vendor




android apk vendor






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Nov 19 '18 at 21:16









LuckyLucky

103




103








  • 1





    You have to sign the apk with the same key every time you do an update. Im not sure if you can change the info on an existing key. If you lose the key you can not do updates

    – JRowan
    Nov 19 '18 at 21:20











  • If we were to release the apk to play store, what should we be expecting from the vendor?

    – Lucky
    Nov 19 '18 at 21:36











  • Definetly the project with all the files. Android studio the would give you a zip file probably. And the signing key. There are a bunch of different ways to sign these days i think but there should be a signing key

    – JRowan
    Nov 19 '18 at 21:39














  • 1





    You have to sign the apk with the same key every time you do an update. Im not sure if you can change the info on an existing key. If you lose the key you can not do updates

    – JRowan
    Nov 19 '18 at 21:20











  • If we were to release the apk to play store, what should we be expecting from the vendor?

    – Lucky
    Nov 19 '18 at 21:36











  • Definetly the project with all the files. Android studio the would give you a zip file probably. And the signing key. There are a bunch of different ways to sign these days i think but there should be a signing key

    – JRowan
    Nov 19 '18 at 21:39








1




1





You have to sign the apk with the same key every time you do an update. Im not sure if you can change the info on an existing key. If you lose the key you can not do updates

– JRowan
Nov 19 '18 at 21:20





You have to sign the apk with the same key every time you do an update. Im not sure if you can change the info on an existing key. If you lose the key you can not do updates

– JRowan
Nov 19 '18 at 21:20













If we were to release the apk to play store, what should we be expecting from the vendor?

– Lucky
Nov 19 '18 at 21:36





If we were to release the apk to play store, what should we be expecting from the vendor?

– Lucky
Nov 19 '18 at 21:36













Definetly the project with all the files. Android studio the would give you a zip file probably. And the signing key. There are a bunch of different ways to sign these days i think but there should be a signing key

– JRowan
Nov 19 '18 at 21:39





Definetly the project with all the files. Android studio the would give you a zip file probably. And the signing key. There are a bunch of different ways to sign these days i think but there should be a signing key

– JRowan
Nov 19 '18 at 21:39












2 Answers
2






active

oldest

votes


















0














Re-signing the APK will remove the previous signature, so it will work as you expect it.



Recommendation is to use apksigner (released as part of the Android SDK), which offers more secure signing algorithms to sign APKs. The alternative is jarsigner, but it's slower for Android devices to verify the signature (so installation takes more time) and it's not as secure.






share|improve this answer































    0














    My recommendation would be to build and sign it yourself from the release branch or using the commit hash of the code (that is verified by QA team of external vendor).
    With gradle support in Android projects it is very simple to set up a small script block that will sign the apk with right keys.
    For example, in our projects we have created a properties file like this 



    ANDROID_KEYSTORE_LOCATION=~/.android/debug.keystore
    
ANDROID_KEYSTORE_PASSWORD=android
    
ANDROID_KEYSTORE_ALIAS=androiddebugkey
    
ANDROID_KEYSTORE_ALIAS_PASSWORD=android


    You can swap the values in above lines to your release keys when you build in-house, without any modification to gradle script. Of course the vendor has to make a change in gradle build script to read this file.






    share|improve this answer























      Your Answer






      StackExchange.ifUsing("editor", function () {
      StackExchange.using("externalEditor", function () {
      StackExchange.using("snippets", function () {
      StackExchange.snippets.init();
      });
      });
      }, "code-snippets");

      StackExchange.ready(function() {
      var channelOptions = {
      tags: "".split(" "),
      id: "1"
      };
      initTagRenderer("".split(" "), "".split(" "), channelOptions);

      StackExchange.using("externalEditor", function() {
      // Have to fire editor after snippets, if snippets enabled
      if (StackExchange.settings.snippets.snippetsEnabled) {
      StackExchange.using("snippets", function() {
      createEditor();
      });
      }
      else {
      createEditor();
      }
      });

      function createEditor() {
      StackExchange.prepareEditor({
      heartbeatType: 'answer',
      autoActivateHeartbeat: false,
      convertImagesToLinks: true,
      noModals: true,
      showLowRepImageUploadWarning: true,
      reputationToPostImages: 10,
      bindNavPrevention: true,
      postfix: "",
      imageUploader: {
      brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
      contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
      allowUrls: true
      },
      onDemand: true,
      discardSelector: ".discard-answer"
      ,immediatelyShowMarkdownHelp:true
      });


      }
      });














      draft saved

      draft discarded


















      StackExchange.ready(
      function () {
      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53382755%2frecommendations-on-resigning-apk%23new-answer', 'question_page');
      }
      );

      Post as a guest















      Required, but never shown

























      2 Answers
      2






      active

      oldest

      votes








      2 Answers
      2






      active

      oldest

      votes









      active

      oldest

      votes






      active

      oldest

      votes









      0














      Re-signing the APK will remove the previous signature, so it will work as you expect it.



      Recommendation is to use apksigner (released as part of the Android SDK), which offers more secure signing algorithms to sign APKs. The alternative is jarsigner, but it's slower for Android devices to verify the signature (so installation takes more time) and it's not as secure.






      share|improve this answer




























        0














        Re-signing the APK will remove the previous signature, so it will work as you expect it.



        Recommendation is to use apksigner (released as part of the Android SDK), which offers more secure signing algorithms to sign APKs. The alternative is jarsigner, but it's slower for Android devices to verify the signature (so installation takes more time) and it's not as secure.






        share|improve this answer


























          0












          0








          0







          Re-signing the APK will remove the previous signature, so it will work as you expect it.



          Recommendation is to use apksigner (released as part of the Android SDK), which offers more secure signing algorithms to sign APKs. The alternative is jarsigner, but it's slower for Android devices to verify the signature (so installation takes more time) and it's not as secure.






          share|improve this answer













          Re-signing the APK will remove the previous signature, so it will work as you expect it.



          Recommendation is to use apksigner (released as part of the Android SDK), which offers more secure signing algorithms to sign APKs. The alternative is jarsigner, but it's slower for Android devices to verify the signature (so installation takes more time) and it's not as secure.







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Nov 19 '18 at 21:48









          PierrePierre

          1,606167




          1,606167

























              0














              My recommendation would be to build and sign it yourself from the release branch or using the commit hash of the code (that is verified by QA team of external vendor).
              With gradle support in Android projects it is very simple to set up a small script block that will sign the apk with right keys.
              For example, in our projects we have created a properties file like this 



              ANDROID_KEYSTORE_LOCATION=~/.android/debug.keystore
              
ANDROID_KEYSTORE_PASSWORD=android
              
ANDROID_KEYSTORE_ALIAS=androiddebugkey
              
ANDROID_KEYSTORE_ALIAS_PASSWORD=android


              You can swap the values in above lines to your release keys when you build in-house, without any modification to gradle script. Of course the vendor has to make a change in gradle build script to read this file.






              share|improve this answer




























                0














                My recommendation would be to build and sign it yourself from the release branch or using the commit hash of the code (that is verified by QA team of external vendor).
                With gradle support in Android projects it is very simple to set up a small script block that will sign the apk with right keys.
                For example, in our projects we have created a properties file like this 



                ANDROID_KEYSTORE_LOCATION=~/.android/debug.keystore
                
ANDROID_KEYSTORE_PASSWORD=android
                
ANDROID_KEYSTORE_ALIAS=androiddebugkey
                
ANDROID_KEYSTORE_ALIAS_PASSWORD=android


                You can swap the values in above lines to your release keys when you build in-house, without any modification to gradle script. Of course the vendor has to make a change in gradle build script to read this file.






                share|improve this answer


























                  0












                  0








                  0







                  My recommendation would be to build and sign it yourself from the release branch or using the commit hash of the code (that is verified by QA team of external vendor).
                  With gradle support in Android projects it is very simple to set up a small script block that will sign the apk with right keys.
                  For example, in our projects we have created a properties file like this 



                  ANDROID_KEYSTORE_LOCATION=~/.android/debug.keystore
                  
ANDROID_KEYSTORE_PASSWORD=android
                  
ANDROID_KEYSTORE_ALIAS=androiddebugkey
                  
ANDROID_KEYSTORE_ALIAS_PASSWORD=android


                  You can swap the values in above lines to your release keys when you build in-house, without any modification to gradle script. Of course the vendor has to make a change in gradle build script to read this file.






                  share|improve this answer













                  My recommendation would be to build and sign it yourself from the release branch or using the commit hash of the code (that is verified by QA team of external vendor).
                  With gradle support in Android projects it is very simple to set up a small script block that will sign the apk with right keys.
                  For example, in our projects we have created a properties file like this 



                  ANDROID_KEYSTORE_LOCATION=~/.android/debug.keystore
                  
ANDROID_KEYSTORE_PASSWORD=android
                  
ANDROID_KEYSTORE_ALIAS=androiddebugkey
                  
ANDROID_KEYSTORE_ALIAS_PASSWORD=android


                  You can swap the values in above lines to your release keys when you build in-house, without any modification to gradle script. Of course the vendor has to make a change in gradle build script to read this file.







                  share|improve this answer












                  share|improve this answer



                  share|improve this answer










                  answered Nov 19 '18 at 22:12









                  prashantprashant

                  2,04263347




                  2,04263347






























                      draft saved

                      draft discarded




















































                      Thanks for contributing an answer to Stack Overflow!


                      • Please be sure to answer the question. Provide details and share your research!

                      But avoid



                      • Asking for help, clarification, or responding to other answers.

                      • Making statements based on opinion; back them up with references or personal experience.


                      To learn more, see our tips on writing great answers.




                      draft saved


                      draft discarded














                      StackExchange.ready(
                      function () {
                      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53382755%2frecommendations-on-resigning-apk%23new-answer', 'question_page');
                      }
                      );

                      Post as a guest















                      Required, but never shown





















































                      Required, but never shown














                      Required, but never shown












                      Required, but never shown







                      Required, but never shown

































                      Required, but never shown














                      Required, but never shown












                      Required, but never shown







                      Required, but never shown







                      Popular posts from this blog

                      MongoDB - Not Authorized To Execute Command

                      Image
                      .everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box; } 0 I have successfully enabled authorization on MongoDB and I have created an account on the admin database and then I created an account for my database called test. The following connection string to connect to my test database works successfully: mongo --host 192.168.17.52 --port 27017 -u user1 -p password --authenticationDatabase test Only problem I have now is, I cannot execute commands such as: show dbs. I get the following error when I try to do so: "errmsg" : "not authorized on admin to execute command { listDatabases: 1.0, lsid: { id: UUID("a1d5bc0d-bc58-485e-b232-270758a89455") }, $db: "admin...
                      Read more

                      How to fix TextFormField cause rebuild widget in Flutter

                      Image
                      .everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box; } 0 I've got the same issue at #9280. I tried all solutions from that topic with/without GlobalKey for Scaffold and Form but the problem wasn't fixed. I tried to build a authentication form with login and signup. But the keyboard doesn't show when I tap the TextFormField at the first time. Then I try to input some letter from physical keyboard, the widget is rebuilt. Like this: login screen Nothing to be log when I run flutter run --verbose, so I logged manually. Every tapping on field, the widget called dispose -> init -> build. [√] Flutter (Channel beta, v1.0.0, on Microsoft Windows [Version 10.0.17763.195], ...
                      Read more

                      in spring boot 2.1 many test slices are not allowed anymore due to multiple @BootstrapWith

                      Image
                      1 I tried to upgrade a yummy sandwich made of two test slices (@JsonTest and @JdbcTest in my case, crunchy test code in between) adding spring boot 2.1 flavour to it. But it seems it was not much of a success. I cannot annotate my tests with many @...Test since they are now each bringing their own XxxTestContextBootstrapper. It used to work when they all used same SpringBootTestContextBootstrapper. @RunWith(SpringRunner.class) @JdbcTest @JsonTest public class Test { @Test public void test() { System.out.printn("Hello, World !"); } } The error I get from BootstrapUtils is illegalStateException : Configuration error: found multiple declarations of @BootstrapWith for test class I understand I might be doing something wrong here but is there an easy way I could load both Json and Jdbc contex...
                      Read more