Android - Sign .apk

Both the debug and release apk need to be signed before it is installed to device/emulator

The self-signed certificate (named debug.keystore) used to sign your application in debug mode will have an expiration date of 30 years from its creation date. The default storage location is in $HOME/.android/debug.keystore.

1. keytool – to generate keys (contain in JDK)
keytool
-genkey
-v
-keystore <my-release-key.keystore>
-alias <alias_name>
-keyalg RSA
-keysize 2048
-validity 10000(valid_days)

2. Jarsigner – to sign your application .apk files (contain in JDK)
sign:
jarsigner
-verbose
-sigalg SHA1withRSA
-digestalg SHA1
-keystore my-release-key.keystore
<unsigned.apk> <key_alias>

verify:
jarsigner
-verify
-verbose
-certs <application.apk>

3. zipalign – Ensuring alignment at 4-byte boundaries provides a performance optimization when installed on a device
zipalign 4 <signed-unaligned.apk(input)> <signed-aligned.apk(output)>
-f: overwriting an existing APK
-v: verbose output

Ecliplse(ADT):

• Projdct context menu > Android Tools > Export…
• Open AndroidManifest.xml > Manifest tab > Exporting
• Select project in the Package Explorer > File(Menu) > Export > Android > Export Android Application