Monday, January 16, 2017

Create Secure & zipalign apk for upload to playstore

Keystore-SSL Certificate as a Trusted Certificate



How To Get Your MD5 Fingerprint For Android Using Eclipse Keytool Plugin
---------------------------------------------------

1. Go to Help>Install New Software.
2. Now enter this website on the textbox: http://keytool.sourceforge.net/update
3. Wait until the word "Keytool" appears under the "Name" table then click on the checkbox before it.
4. Then click on "Next".
5. Continue clicking on the next choices until you're done with the installation.

http://www.icodeya.com/2011/04/how-to-get-your-md5-fingerprint-for.html


What is keytool?>
---------------------------------------------------

Keytool is an Eclipse plugin that maintains keystores and certificates.


Key features
  • Export certificate, with or without the private key.
  • Create certificate.
  • Create keystore.
  • Open existing keystore.
  • View all available information about every certificate.
  • Open existing certificate. Default with the extension .cer.
  • View list of certificates in a keystore.
  • Handles JKS and PKCS #12.
  • Show which certificate in a keystore where you have the private key.
  • Filemonitoring, to monitor changes in keystores.
  • Default opening a keystore every time Eclipse starts.
  • Generate CSR.
It allows you to create certificates and put them in a keystore.
You can from Eclipse, open and inspect certificates that are stored as .cer, or in a given keystore.



Create Zipalign apk>
---------------------------------------------------
  1. Right click on project
  2. Search & Click- Export Android Application
  3. Next
  4. Select project name
  5. Select keystore & enter password, if not existing keystore create keystore
  6. Next
  7. Select alias & password, if not exist then create
  8. Next
  9. Give destination path
  10. This page has certificate details
    • Certificate expires date
    • MD5
    • SHA1
  11. Finish (zipalign apk)

Important Note
>
---------------------------------------------------
  1. Check android_manifest.xml and verify that android:debuggable  attribute is set to false in your manifest file           
  2. Check the android:versionCode and android:versionName attributes. (if this is the first time you are uploading a apk, ignore, else if it is a new version of existing apk, make sure these       values are larger than previous apk)
  3. Export unsigned application package from Eclipse
  4. Sign the application using release key certificate(not debug key certificate)
  5. Zip align the package
  6. Upload in google play

Verify apk by zipalign>
---------------------------------------------------
  • Open cmd & go to path

    <sdk path>\sdk\tools>zipalign -c -v 4 <source apk path>

    e.g. E:\MyProject\adt-bundle-windows-x86\sdk\tools>zipalign -c -v 4 E:\MyPro
    ject\Sorghum\SorghumV3.0.apkA

    //all images/xml/assets folders
    14939764 res/drawable-xxhdpi/ic_plusone_tall_off_client.png (OK)
    14945782 classes.dex (OK - compressed)
    16127073 manifest (OK - compressed)
    16127212 META-INF/MANIFEST.MF (OK - compressed)
    16134980 META-INF/CERT.SF (OK - compressed)
    16143103 META-INF/CERT.RSA (OK - compressed)
    Verification successful

    **********************************
    Zip alignment utility
    Copyright (C) 2009 The Android Open Source Project
    Usage: zipalign [-f] [-v] <align> infile.zip outfile.zip
           zipalign -c [-v] <align> infile.zip

      <align>: alignment in bytes, e.g. '4' provides 32-bit alignment
      -c: check alignment only (does not modify file)
      -f: overwrite existing outfile.zip
      -v: verbose output

No comments:

Post a Comment