We sign our packages so people who download our package from the Play Store actually know it’s us. We do this by signing our package with a key that we generate. When we upload our signed package to Google Play, it remembers the key that was used to upload the initial package and makes sure subsequent packages are signed with the same key.

To achieve this goal, Android package signing actually takes advantage of a tool that comes from the Java Development Framework called keytool. Keytool has been around for probably as long as the JDK itself, so it’s pretty old. This lends itself to probably some of the reasons why signing an APK or AAB (Android App Bundle) is as confusing as it is.

Why can’t the Play Store just handle code signing for us? We’d be tempted to ask for a nirvana where we could just give all our unsigned app bundles to the Play Store and just have them work it out and just sign it for us. The logic of that quickly breaks down though. If you wrote a book, would you get someone else to sign it? No. You’d sign it because you are the author.

These days code signing is a lot easier than what it used to be. As long as we always sign our packages with the same key (the “upload key”), Google Play will actually generate and manage our code signing keys for us. If you are particularly enterprising, you can attempt to read and understand everything here, but I’ve been developing for Android for the better part of three years now and I’m sad to say that even I don’t understand it completely. All I know is that when it breaks, it is a huge pain to fix.