Android App Signing & Keystores
To distribute an Android application, it must be digitally signed with a certificate. This signature verifies the identity of the author and ensures that the application has not been tampered with since it was signed.
What is a Keystore?
An Android Keystore is a binary file that serves as a secure container for cryptographic keys and certificates. Ideally, you should keep your keystore file private and secure.
- File Extension: Usually .jks, .keystore, .p12, or .pfx.
- Aliases: A single keystore file can contain multiple keys, identified by an "alias".
Signing Approaches
Google Play Store offers two main approaches to app signing. Understanding the differences is crucial for your app's long-term maintenance.
1. Google Play App Signing (Recommended)
This is the modern standard used by the vast majority of new apps. It separates the key used to upload the app from the key used to sign the app for users.
- Upload Key: You generate this keystore locally (see Create Keystores). You use this Upload Key to sign your App Bundle (.aab) before uploading it to the Play Console.
- Verification: This key proves to Google that the upload comes from you.
- Re-signing: Google removes your upload signature and re-signs the valid APKs with the App Signing Key before distributing them to users.
- App Signing Key: Google generates and stores this key on their secure servers (or you upload your legacy key to them). Google uses this key to sign the final APKs that are downloaded by users.
Benefits:
- Key Loss Recovery: If you lose your local keystore (Upload Key), you can simply generate a new one locally and register it with Google Console. Because the App Signing Key (held by Google) remains the same, your users can receive updates without any issues.
- Optimization: Enables Google to optimize the APKs delivered to specific devices (via App Bundles).
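The Upload Key half of this flow, as an added example that is not code from the original page: it creates a fresh upload keystore, exports only its public certificate in the PEM form the Play Console asks for when an upload key is registered or reset, and prints the SHA-256 fingerprint to compare with the Console. It assumes a JDK keytool on PATH; the keystore name, alias, password and distinguished name are constructed sample values.

```shell
#!/bin/sh
# Added example (not from the original page). Assumes a JDK `keytool` on PATH;
# keystore name, alias, password and DN below are constructed sample values.
set -e

# Create an RSA-2048 upload keystore. Keep the validity long (10000 days, as in
# the Android docs): Play rejects an upload certificate that expires too soon.
create_upload_keystore() {
  keystore=$1; alias=$2; password=$3
  keytool -genkeypair -v \
    -keystore "$keystore" -alias "$alias" \
    -keyalg RSA -keysize 2048 -validity 10000 \
    -storepass "$password" -keypass "$password" \
    -dname "CN=Example Upload Key, O=Example Org, C=US" >/dev/null 2>&1
}

# Export only the public certificate (PEM). The private key stays in the
# keystore; this file is what gets registered in the Play Console.
export_upload_cert() {
  keystore=$1; alias=$2; password=$3; pem=$4
  keytool -exportcert -rfc -keystore "$keystore" -alias "$alias" \
    -storepass "$password" -file "$pem" >/dev/null 2>&1
}

# Print the certificate's SHA-256 fingerprint to compare against the value the
# Console shows for the upload key certificate after registration.
upload_cert_fingerprint() {
  keystore=$1; alias=$2; password=$3
  keytool -list -v -keystore "$keystore" -alias "$alias" -storepass "$password" 2>/dev/null \
    | sed -n 's/^[[:space:]]*SHA256: //p' | head -n 1
}

# Passwords on the command line land in shell history and process lists; for
# real use prefer keytool's -storepass:env VAR or -storepass:file FILE forms.
main() {
  workdir=$(mktemp -d)
  ks="$workdir/upload-keystore.jks"
  pw='constructed-sample-password'
  create_upload_keystore "$ks" upload "$pw"
  export_upload_cert "$ks" upload "$pw" "$workdir/upload_certificate.pem"
  echo "keystore:    $ks"
  echo "certificate: $workdir/upload_certificate.pem"
  echo "SHA-256:     $(upload_cert_fingerprint "$ks" upload "$pw")"
}

if command -v keytool >/dev/null 2>&1; then
  main
else
  echo "keytool not found; install a JDK to run this example" >&2
fi
```

Back up the generated keystore and its password separately before uploading anything; the PEM file alone cannot sign bundles.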
2. Traditional Signing (Self-Managed)
In this legacy model, you manage the single key that serves as both the upload key and the app signing key. You sign the APK locally with your key (generated via Create Keystores), and Google distributes it exactly as signed.
Risks:
- Permanent Loss: If you lose your keystore file or forget the password, you can never update your app again. You would be forced to publish a completely new app with a new package name (losing all existing users and reviews).
- Security: If your key is compromised, you cannot rotate it effectively.
Summary
Important Notes
- Choose Google Play App Signing: Unless you have a specific reason not to, always use Google Play App Signing for new apps.
- Backup Your Keys: Keep secure backups of your Upload Key keystore.
- Keep Passwords Safe: Store your keystore password securely (password manager recommended).
- One Key Per App: Each app should have its own keystore and key alias.