After Fusing an app on the Appdome platform, Appdome highly recommends signing apps automatically using the Appdome service. This process ensures signing in accordance with Google guidelines, makes the app tamper-proof, and in many cases, prevents mistakes.
If you are required to sign Android apps locally off the Appdome platform, you can follow the process in this KB article to provide the certificate information needed for Anti-Tampering and to sign the Fused app on your workstation.
Overview of Signing an Android App After Fusing
On Appdome, after you have completed Fusing and Branding your Android App, you can then follow the steps below to sign the Fused app locally on your workstation.
Step 1: How Would You Like to Sign: Private Signing
Step 2: Enter the certificate fingerprint.
NOTE: The certificate fingerprint is obtained using a java keytool described in the next section.
Once you obtain the fingerprint, you can paste it with or without colon (:) separators.
Step 3: Click the link Private Signing - which will prompt you to download the app.
Optional: You can enable Google Play App Signing
Step 4: Now you can download the app to your workstation
Step 5: Follow the steps below to sign locally
Creating a certificate for signing an Android App
If you need to create an Android signing certificate, you can use the information in these resources on how to create a self-signed certificate keystore:
Obtain the certificate fingerprint for Appdome Anti-Tampering
The fingerprint is a one-way hash of the certificate stored in the Android signing keystore.
To get the fingerprint required by Appdome when signing Android Apps off the Appdome platform, from your workstation run:
keytool -list -keystore <path_to_keystore> -storepass <store pass> -alias <alias>
Or, another method:
keytool -list -printcert -MYAPPNAME.apk
NOTE: The SHA1 of the signature is marked inside it. It is a public identifier that can be extracted from the signed .apk as well.
The output should look like this.
test-alias, Nov 20, 2017, PrivateKeyEntry,
Certificate fingerprint (SHA1): BE:D2:E3:17:9F:20:9A:F9:CF:55:E8:31:21:8C:7E:C7:7F:87:62:26
NOTE: You will need to copy paste this fingerprint into the certificate fingerprint field on Appdome when choosing the option to sign manually.
Signing a Fused Android App from your Workstation
Once you have downloaded the Fused app from Appdeme, you can sign the app on your workstation by running:
zipalign -f 4 <path_to_apk> <path_to_apk>-aligned.apk
mv <path_to_apk>-aligned.apk <path_to_apk>
apksigner sign --ks <path_to_keystore> --ks-pass pass:<store_pass> --ks-key-alias <alias> --key-pass pass:<key_pass> --v2-signing-enabled --v1-signing-enabled <path_to_apk>
After signing, your app is ready to deploy.
Signing an Android app on Appdome
You can always sign an Android app after Fusing on Appdome! Here is a link with more information on how to accomplish this.
Thanks for visiting the Appdome knowledge base! We hope Appdome is living up to our mission of simplifying your mobile integrations. If you don't already have an account, you can sign up for free. Happy fusing!