RSS Feed
Download our iPhone app
Browse DevX
Sign up for e-mail newsletters from DevX


Legitimize Your Mobile App: Get It Signed : Page 3

Signing your mobile application is a critical precursor to distribution. Here’s a handy reference to application signing for today’s mobile platforms.

Signing Android Applications
For a phone to run your application, you must sign it. Unlike some of the other platforms discussed later, Android doesn't restrict application distribution via signing and certificates, so it's entirely possible (and quite common) to use self-signed certificates when packaging your application.

To sign an Android application, you can self-sign your application, or have a company such as Verisign provide a signed key for you to use. Be sure that your key exceeds the projected lifespan of your application—if your key expires, your application will not run. Then, follow these steps:

  1. Be sure you have the jarsigner tool installed—it should have been included with the JDK required by the Android SDK.
  2. Build your application package in release mode. (You'll be signing the resulting .apk file).
  3. Run jarsigner, passing the name of the keystore containing either your self-generated key or the one provided by the certifying authority, the alias for the key your certificate uses, and the name of your application package, like this:
    jarsigner –verbose –keystore keys truncheon.apk Yoyodyne
You can verify that you've successfully signed your application by running jarsigner again using the verify switch; if the signing was successful, the tool will print jar verified.

After you've signed your application, you should put it through a final full test cycle before submitting it to the Android Market.

Click here for more information about signing Google Android applications.

Signing BREW Applications
To distribute a BREW application, Qualcomm and carriers require that it undergo certification by the National Software Testing Labs. To obtain certification, your application must first be signed; to do this you need a key from VeriSign as well as Qualcomm's AppSigner tool, available from the BREW web site.

After you have a key—which Verisign provides through its Authentic Document Service and Personal Trust Agent (PTA)—and have installed the AppSigner, follow these steps:

  1. Ensure that your application MIF file does not include a license; if it does, the signing process or subsequent certification may fail.
  2. Ensure that your application is packaged.
  3. Launch the AppSigner and click the Wizard icon.
  4. Choose the type of application you want to sign (BREW, J2ME, PDA, Flash, or Content), and browse for the application folder containing the application you want to sign and then click Next.
  5. A file browser will appear; indicate which files should be signed (you must sign your module, resource files, and MIF files, along with any other files destined for the handset) and which files your application is permitted to modify on the device. Once you've marked which files you want to sign, click Next.
  6. The signature management window appears; indicate that you’d like to create a new signature file and click Next.
  7. The VeriSign Personal Trust Agent window will appear; select your user name from the drop-down list and enter your PTA password, and click Next again.
  8. The VeriSign Notarization server processes your request and a status screen will appear. If everything succeeds, you can proceed with packaging your application for submission.
Application packaging for certification requires you to organize your files in a specific way (documentation, simulator, and handset builds must be placed in different folders), and the submission process can fail if you don't do things precisely right. As a result, you should check BREW's web site for the latest "True BREW" certification test guide before submitting your application to NSTL.

Signing iPhone Applications
Apple follows Qualcomm's lead, requiring you to sign applications prior to submission for Apple certification and distribution through the App Store. To do this, you need to obtain a key from Apple through the Program Portal, which you obtain by completing a Certificate Signing Request and obtaining approval from Apple's iPhone Developer program. Once approved, you download the resulting key, which Mac OS associates with the system's keychain, available through the Keychain Access Utility application.

Signing an application for distribution using Xcode is much easier than with other tools, because the entire process occurs within Xcode. Follow these steps:

  1. Register an application identifier through the iPhone Developer program.
  2. Create a distribution provisioning profile for the application identifier on the iPhone Developer program web site and download it to your build workstation.
  3. Add the resulting profile to Xcode by dropping the profile on the Xcode application icon.
  4. Open the Project Info window. In the Configurations tab, select Release. Click Duplicate, and rename the new copy to "Distribution"; this build configuration is unique for creating commercial builds.
  5. Choose the Distribution choice from the Active Build Configuration pop-up in the main project window.
  6. Select the target's Build tab (open the Targets item in the Groups and Files window of the main project window) and select Distribution from the Configuration popup.
  7. On the line labeled "Code Signing Identity," change "iPhone Developer" to "iPhone Distribution," or ensure that it reads "iPhone Distribution" if it doesn't already.
  8. Select the distribution profile from the Code Signing Provisioning Profile popup.
  9. Clean and build your project.
  10. Use the main project window's Reveal in Finder menu command to find the application bundle you'll submit to the App Store.
For more details, see the Apple’s developer web site.

Close Icon
Thanks for your registration, follow us on our social networks to keep up-to-date