[Android] Signing certificates for clients in Android


Signing certificates for Android apps are a seemingly simple thing, but it can get a little more complicated when you develop apps for a client. If you’re not familiar with signing, you may want to read Google’s instructions on signing Android apps. Read on for a few things to look out for when you build apps for a client.

Why signing keys are important

First, the obligatory reminder: Back up your keystore–without it, you can never update an app on Google Play again. You would need to create a new app and start over. This is because once an app is released to Google Play, all future updates must be signed with the exact same signing certificate. No exceptions, no excuses.
Now, backing up your keystore may be easy when you’re developing apps for yourself, but what about when you’re building apps for a client? What if you have a very large number of clients, each with a different certificate?
The same rules apply, so a client will need to have access to that signing certificate if they want to release updates. Since the keystore cannot be recreated later, this should be resolved in advance. You may need to manage the set of certificates for your clients, or negotiate a hand-off plan for the keystore.
Additionally, since a key can’t be easily changed after creation, it is best to create a key specifically for the client, using their contact information, before the app is released. You wouldn’t want to hand over a signing key and password that is used for other clients, would you?

Items tied to the signing key

If your app is more complex, there may be a few more things that are baked into the app before the unsigned Android application package file (APK) is created. This can complicate getting the app ready for deployment.
First, if your app uses the Google Maps API, you’ll need to get an API key. This key is tied to your signing certificate and a Google account when you generate it. You’ll create a separate API key for your debug signing certificate as well.
Changing the signing certificate requires changing the API key, so you need to know which signing certificate will be used before the unsigned APK is created. This also means that you need to change from the debug API key to the one tied to the signing certificate when you create the APK for deployment.
Next are the credentials used for in-app purchasing. While these are not directly tied to the signing key, they are tied to the developer account and must be baked into the app before the unsigned APK is created.
How is this related to signing keys? Implementing in-app purchasing uses a key tied to the developer account that publishes the app. When testing in-app purchasing, the app must be signed and uploaded to the Google Play Developer Console before it can be tested. If the signing certificate changes between this test build and the final release, you will need to delete and recreate the app from the Developer Console, including any setup you have done for this app.

Take the time to get it right before deploying

There’s no going back–the same signing certificate must be used for every update for an app. For this reason, it is worth a little extra effort to get things right early on rather than fixing complications later.
This might be a good time to make a plan for how you will handle signing certificates for clients, and possibly discuss this with clients to ensure they understand how the keys will be handed off or maintained by you.

Comments

Post a Comment

Popular posts from this blog

[SVN] Simple way to do code review

Image
Simple way to do code review Table of Contents A code review (also known as code inspection or walkthrough ) is often considered to be a complex, time consuming and highly regulated process. In reality it’s just another form of communication between team members and a great way to ensure code quality and stay up to date with changes. In this guide we will show a simple and effortless way to do it on a daily basis. Use version control We hope you are already doing this! Version control systems make any work inside your team much easier, and this includes code reviews. Check out our guide “Introduction to version control” if you are still managing code the old-fashion way, or are interested in learning some best practices. Stay up to date Email and RSS are common ways to be notified about new things and code changes are not exceptions. Depending on the project scope and team size you can choose between checking every commit or just doing review o
Read more

How to Choose a Technology Stack for Web Application Development

Image
What’s the most important thing to consider when you’re developing a top-notch web application? No doubt it’s the technology stack your app will be based upon.  The choice of a relevant tech stack is particularly challenging for small businesses and startups, since they usually have limited budgets and, thus, need a technology stack that provides the most bang for the buck to get their projects off the ground. The right tech stack is, to a great extent, the key to your project’s success, while the wrong choice of web development technologies may be a reason for failure. We’ve decided to give you a helping hand and reveal the criteria for choosing the most appropriate tech stack for your web application. WHAT IS A TECHNOLOGY STACK FOR WEB DEVELOPMENT Before moving on to the criteria for choosing a modern web technology stack, you should clearly understand what comprises the process of web development. Without going too deep into details, there are two sides to web de
Read more

Setting ESLint on a React Typescript project

Image
  Introduction After struggling a lot trying to install and understand ESLint on my React Typescript project, I decided to create a definitive guide to setting ESLint to a React Typescript project. The main goal of this tutorial is to set up step-by-step and explain every line added or executed, instead of just giving you a bunch of files with a lot of configurations and expecting that you will be able to understand what and how things are happening. So, let’s start! Prerequisites Note: You need Node version >= 10 installed. So, if you don’t have it, please go to the NodeJS website, and download and install it on your local machine. ( https://nodejs.org/en/ ) Step 1: Create a React Project with Typescript The following command will create a project inside a folder  my-app . On the terminal, run: npx create-react-app my-app --template typescript Step 2: Removing the pre-set ESLint configuration from React project React comes with an eslint configuration pre-setted. Let’s remove this
Read more