devxlogo

Go Public with Your Android Application: Signing and Deployment

Go Public with Your Android Application: Signing and Deployment

Why Trust Us

o far, you’ve been learning about the interesting things you can do with Android. However, if you want your application to see the light of day and run on other users’ devices, you need a way to distribute your application and deploy them onto your target devices. This article will show you how to prepare your Android applications for deployment and get them onto your customers’ devices.

Creating the Sample Application
A simple Android application will illustrate deployment on an Android device. So, using Eclipse, create a new Android project.

Versioning
Beginning with version 1.0 of the Android SDK, the AndroidManifesl.xml file of every Android applications include the android:versionCode and android:versionName attributes:

The android:versionCode attribute represents the version number of your application. For every revision you make to the application, increment this value by 1 so that you can programmatically differentiate it from its previous version. This value is never used by the Android system, but it’s useful as a way to obtain the version number of an application.

The android:versionName attribute contains versioning information that is visible to the users. It should contain values in the following format: ...

If you are planning to publish your application on the Android Market, the AndroidManifest.xml file must have the following attributes:

  • android:versionCode
  • android:versionName
  • android:name
  • android:name

In addition, if your application needs a minimum version of the SDK, you can specify it in the AndroidManifest.xml file using the element, like this:

As the current version of the SDK is 1.0, there is no necessity for you to specify the minimum version of the SDK required.

To programmatically retrieve the value of the android:versionCode attribute, use the PackageManager class’ getPackageInfo() method. To see how this can be done, give an id to the view in main.xml, like this:

In MyKillerApp.java, add the following code to retrieve the version code of the application:

Figure 1. Run the App: Displaying the application’s versionCode.

    @Override    public void onCreate(Bundle savedInstanceState) {        super.onCreate(savedInstanceState);        setContentView(R.layout.main);                PackageManager pm = getPackageManager();        try {            //---get the package info---            PackageInfo pi =                  pm.getPackageInfo("net.learn2develop.MyKillerApp", 0);            //---display the versioncode---            TextView tv = (TextView) findViewById(R.id.textview);                        tv.setText("VersionCode: " +Integer.toString(pi.versionCode));        } catch (NameNotFoundException e) {            // TODO Auto-generated catch block            e.printStackTrace();        }    }

When you run the application, it will display the value of the android:versionCode attribute (see Figure 1).

All Android Applications Must Be Digitally Signed
All Android applications must be signed before they are allowed to be deployed onto a device (or emulator). Unlike other mobile platforms, you need not purchase digital certificates from a certificate authority (CA). Instead, you can generate your own personal certificate and use it to sign your Android applications.

Figure 2. Signing Your App: All Android applications developed in Eclipse are signed using a default debug keystore.

When you use Eclipse to develop your Android application and then press F11 to deploy it to an emulator, Eclipse automatically signs it for you. To verify this, first go to Windows?Preferences in Eclipse, then expand the Android item, and select Build (see Figure 3). Eclipse uses a default debug keystore (debug.keystore) to sign your application.

Signing an Application Manually
If you are publishing an Android application, you must sign it with your own certificate. Applications signed with the debug certificates cannot be published. To sign your application manually, you need to perform the following steps:

  • Compile your application in release signing mode. To do so in Eclipse, right-click on the package name and select Android Tools?Export Unsigned Application Package… (see Figure 3).
  • You will then be asked to select a directory for exporting the application (Android package has the .apk extension). For convenience, I have exported the Android package to C:Program FilesJavajdk1.6.0_10in (see Figure 4). You will understand why this is so shortly. (Note that I am using JDK 1.6.10; you might have some other versions on your computer and hence the folder name may vary a little.)

    • Figure 3. Using Eclipse: Exporting an Android application in release signing model.    		 
    Figure 4. The Directory Path: Exporting an .apk file.

  • If you wish to sign your application using the debug keystore, copy the Debug.keystore file from C:Documents and SettingsLocal SettingsApplication DataAndroid to C:Program FilesJavajdk1.6.0_10in.
  • Use the jarsigner.exe tool (comes with your JDK) located in C:Program FilesJavajdk1.6.0_10in to sign the .apk file with the specified keystore:
    jarsigner -verbose -keystore debug.keystore MyKillerApp.apk androiddebugkey
  • When prompted for the password for the keystore, use the default password: android.

The jarsigner.exe tool takes in the following options:

  • -keystore: This is the name of the keystore containing your private key.
  • -verbose: This enables verbose output.

The alias for the debug.keystore file is androiddebugkey. Figure 5 shows the application signed with the debug.keystore default keystore.


Figure 5. Signed with the Keystore: Signing the .apk file with debug.keystore.		 
Figure 6. Verified and Certified: Verifying that the application was signed correctly.

To verify that the application is signed correctly, you can use the –verify option with jarsigner.exe. You can also use the –certs option to view the details of the certificate used to sign the application (see Figure 6).

Generating Your Own Key
As mentioned, if you wish to publish your application to other users, you need to sign your application using your own personal certificate. You can generate your own certificate by using the keytool.exe tool (this also comes with your JDK).

To generate your own certificate, issue the following command:

keytool –genkey –v –keystore learn2develop.keystore –alias learn2develop –keyalg RSA –validity 10000

The above command generates a certificate named learn2develop.keystore with the key alias learn2develop, generated using the RSA algorithm, and with a validity of 10,000 days (this is the minimum recommended). You will be prompted for some information (see Figure 7). In particular, you need to supply a password for the keystore and a password for the private key. If you are publishing your application for the Android Market, your keystore must have a validity period ending after 22 October 2033.

Secure and protect these two passwords so that only people who are authorized to sign your applications know about them.


Figure 7. Prompting: While generating your own keystore, you will be prompted for information.		 
Figure 8. The learn2develop.keystore File: Signing your application with the new keystore file.

Once the learn2develop.keystore file is generated, you can now sign your application with it (see Figure 8).

Deploying .apk Files
Once your Android application is signed, you can deploy them to emulators and devices using the adb.exe tool (located in the tools folder of the Android SDK).

Figure 9. MyKillerApp.apk: Installing an Android .apk file using adb.

For illustration, copy the MyKillerApp.apk created (and signed) in the previous section to the android-sdk-windows-1.0_r1 ools folder. To install the application to an emulator (assuming the emulator is currently up and running), issue the following command:

adb install MyKillerApp.apk

Figure 9 shows the successful installation of the application.

To remove an installed application using the adb tool, you can use the shell option to remove an application from its installed folder, like this:

adb shell rm /data/app/net.learn2develop.MyKillerApp.apk

Another way of deploying an application is to use the DDMS tool in Eclipse (see Figure 10). With an emulator (or device) selected, use the File Explorer in DDMS to go to the /data/app folder and use the “Push a file onto the device” button to copy the .apk file into the device.


Figure 10. Using the DDMS Tool in Eclipse: Copying an .apk file into the emulator using the DDMS tool.		 
Figure 11. It Works! Locating the newly installed Android application.

Once this is done, the application will automatically appear on the device (see Figure 11).

Easy and Essential
In this article, you’ve been walked through the process of signing your Android applications and how to generate your own keystore by using the jarsigner.exe and keytool.exe tools. Signing your application is absolutely essential if you want your application to run beyond the emulator. This is particularly true if you wish to publish your application on the Android Market.

devxblackblue

About Our Editorial Process

At DevX, we’re dedicated to tech entrepreneurship. Our team closely follows industry shifts, new products, AI breakthroughs, technology trends, and funding announcements. Articles undergo thorough editing to ensure accuracy and clarity, reflecting DevX’s style and supporting entrepreneurs in the tech sphere.

See our full editorial policy.

About Our Journalist

Charlie Frank

Charlie has over a decade of experience in website administration and technology management. As the site admin, he oversees all technical aspects of running a high-traffic online platform, ensuring optimal performance, security, and user experience.
View Author
Show More