• After 15+ years, we've made a big change: Android Forums is now Early Bird Club. Learn more here.

why signing, unknown sources and how to sign

perik

Lurker
Jul 4, 2013
6
0
Hi!

I exported my processing sketch as a app. But are a bit confused with the signing

Heres what I did (and maybe tutorial for others):
1) In processing: File -> Export Android Project
2) In Eclipse: File -> New -> Android -> Android Project from Existing Code
3) select the project you exported from Processing (Root Directory) in the wizard
4) doubleclick AndroidManifest.xml in the Package Explorer and change android:debuggable="true" to android:debuggable="false"
5) mark the project in the Package Explorer
6) FIle -> Export -> Android -> Export Android Application
7) Create new Keystore and set location for export and choose password
8) enter the key creation
9) select the destination for the .apk and export

Now I have created a .apk file

My questions:
1) Is my app signed? And how do I know that?
2) Whats the point of signing? Is it possible to install without signing?
3) I need to tick the checkbox in my phone for allow Unknown Source to install?4) And since the answer is Yes for the above question. Do I have to do this even though the app is signed?

thanks
 
Hi perik,

You can check if your app is signed by running:

jarsigner -verify MyApp.apk

If it is signed, it should report "jar verified".

Signing ensures that only you can release a new version of your app. An updated version of your app (which will have the same package name) can only be installed if it is signed by the same key as the older version of your app that is already installed. This stops some evildoer from creating an app with the same package name as your app and trying to get users to install it by fooling them into thinking it is just an update of an app they have already.

The "Unknown Source" option allows APK files to be installed from places other than Google Play. This is not related to the signing of the app.

Hope that helps a bit.
 
  • Like
Reactions: Rxpert83
Upvote 0
If it's going to be distributed outside of the play store, unknown sources will need to be checked during installation.

You can always uncheck it again afterwards. :thumbup:

As far as key signing, that's above my pay grade. We have a development sub forum that's better suited for people looking for answers when making their own apps.

If you'd like, I or (any other staff member) can move this thread over there for you.
 
Upvote 0

BEST TECH IN 2023

We've been tracking upcoming products and ranking the best tech since 2007. Thanks for trusting our opinion: we get rewarded through affiliate links that earn us a commission and we invite you to learn more about us.

Smartphones