How to self-sign and verify an Android application (APK) in Windows manually

According to the publishing article on the Android developer website, before you launch your application on the Play Store it needs to be signed and compressed with zipalign.

Some developers find it easier to run this process manually instead of using Android Studio, for several reasons (no idea how to do it there, the application is created with a hybrid technology, etc.). To sign your Android application, follow these steps.

  • Before continuing, verify that you have installed the Java Development Kit and the Android SDK on your PC, otherwise you'll get lost in the steps.
  • Remember to always run cmd in administrator mode.

1. Create a self-signed certificate.

This certificate will be used to sign your APK later. To generate it, go to the bin path of the Java SDK on your PC with the console (cmd).

REM  Usually it is located in C:\Program Files (x86)\Java\jdk1.7.0_71\bin , but check the location on your PC.
REM  Then in cmd type:

C:\ > cd C:\Program Files (x86)\Java\jdk1.7.0_71\bin

REM  You are now in the bin path and can use all the Java tools.

C:\Program Files (x86)\Java\jdk1.7.0_71\bin > 

Once you are in the bin path with the console, execute the following command:

REM  Remember to change the mycustomname and mycustom_alias to your correct keystore name and alias (whatever you want)

keytool -genkey -v -keystore mycustomname.keystore -alias mycustom_alias -keyalg RSA -keysize 2048 -validity 10000

Follow all the prompts: you'll be asked for your country code, your location, your name and other information, and the password. Just fill in these fields. If everything went well, you'll get a file in the bin path with the name that you gave (in this case mycustomname.keystore).

2. Sign your .apk file with the self-signed certificate.

Now we need an unsigned .apk file, copied into the bin path of the JDK (just copy your APK file into C:\Program Files (x86)\Java\jdk1.7.0_71\bin).

Then execute the following command:

REM  Change the name of the apk, the name of the certificate and the alias with your own data.
jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore mycustomname.keystore MYAPKFILE.apk mycustom_alias

This uses the self-signed certificate created in step 1, which is located in the same bin path. You only need to give the password of the certificate and the .apk will be signed successfully.

3. Verify your apk (optional)

If you want to check that everything worked, verify your .apk with the following command:

jarsigner -verify -verbose -certs MYAPKFILE.apk

4. Use zipalign to align your .apk

Now we are going to compress the signed APK file with zipalign. For this we need the Android SDK on our PC. Go to the build-tools folder with the Windows console (cmd):

REM  Go to the Android build tools folder that contains zipalign.exe with the console
REM  Usually it is located in C:\Users\MyUser\AppData\Local\Android\android-sdk\build-tools\23.0.0
REM  Or just browse to the folder that contains the zipalign.exe file in your SDK

C:\ > cd C:\Users\MyUser\AppData\Local\Android\android-sdk\build-tools\23.0.0

REM  We are now in the build tools directory:

C:\Users\MyUser\AppData\Local\Android\android-sdk\build-tools\23.0.0 >

First copy the signed .apk file from step 2 into the build tools folder where zipalign.exe is located. Then execute the zipalign command:

REM  This uses the unaligned file from step 2 and creates a new one with the new name in the build tools folder
zipalign -v 4 MyUnalignedFile.apk MyNewUnalignedFile.apk

REM  Then a file named MyNewUnalignedFile.apk will be located in C:\Users\MyUser\AppData\Local\Android\android-sdk\build-tools\23.0.0
REM  Now this file can be uploaded to the play store

Now everything should be set up to upload your APK to the Play Store. Have fun!
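To see what the verify command in step 3 checks, the following added example (not part of the original tutorial) recomputes the per-file digests that jarsigner writes to META-INF/MANIFEST.MF and reports files that were changed or added after signing. It covers only the digest layer, not the certificate signature that jarsigner -verify also checks; build_sample and its file contents are constructed for illustration, and skipping every META-INF/ entry is a simplification.

```python
import base64, hashlib, io, zipfile
# Manifest attribute -> hashlib name; "-digestalg SHA1" writes "SHA1-Digest".
DIGESTS = {"SHA1-Digest": "sha1", "SHA-256-Digest": "sha256"}

def b64digest(algo, data):
    return base64.b64encode(hashlib.new(algo, data).digest()).decode()

def parse_manifest(text):
    """Return {entry name: attributes} for the per-file sections of MANIFEST.MF."""
    text = text.replace("\r\n", "\n").replace("\n ", "")  # unfold wrapped lines
    entries = {}
    for section in text.split("\n\n"):
        attrs = dict(l.split(": ", 1) for l in section.split("\n") if ": " in l)
        if "Name" in attrs:
            entries[attrs.pop("Name")] = attrs
    return entries

def check_apk(apk):
    """Return a list of problems found comparing APK entries with the manifest."""
    problems = []
    with zipfile.ZipFile(apk) as z:
        names = [n for n in z.namelist() if not n.endswith("/")]
        if not any(n.startswith("META-INF/") and n.endswith((".RSA", ".DSA", ".EC")) for n in names):
            problems.append("no signature block in META-INF")
        if "META-INF/MANIFEST.MF" not in names:
            return problems + ["META-INF/MANIFEST.MF missing"]
        manifest = parse_manifest(z.read("META-INF/MANIFEST.MF").decode("utf-8"))
        files = [n for n in names if not n.startswith("META-INF/")]  # simplification
        for name in files:
            attrs = manifest.get(name, {})
            known = [a for a in DIGESTS if a in attrs]
            if not known:
                problems.append(f"{name}: no digest in manifest")
            elif b64digest(DIGESTS[known[0]], z.read(name)) != attrs[known[0]]:
                problems.append(f"{name}: {known[0]} mismatch")
        problems += [f"{n}: in manifest, not in APK" for n in sorted(set(manifest) - set(files))]
    return problems

def build_sample(changes=None):
    """Constructed in-memory stand-in for a signed APK; CERT.RSA is a dummy blob."""
    files = {"AndroidManifest.xml": b"<manifest/>", "classes.dex": b"dex bytes"}
    mf = "Manifest-Version: 1.0\r\n\r\n" + "".join(
        f"Name: {n}\r\nSHA1-Digest: {b64digest('sha1', d)}\r\n\r\n" for n, d in files.items())
    # "changes" are applied after the manifest is built, so the digests go stale.
    files = {**files, **(changes or {}), "META-INF/MANIFEST.MF": mf.encode(), "META-INF/CERT.RSA": b"dummy"}
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for n, d in files.items():
            z.writestr(n, d)
    return buf
```

On a real file, call check_apk("MYAPKFILE.apk"); an empty list means every file matches its manifest digest.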
