Obtaining a certificate for Android Application


1

As a potential start up that is releasing an Android application, I need to sign the application with a certificate. I'm wondering if I should use a self-signed certificate or should I use a certificate signed by a certificate authority?

If I should use the latter, what is process for obtaining a certificate and getting it signed by a certificate authority?

Android

asked Feb 1 '12 at 01:32
Blank
Hank
108 points

2 Answers


3

According to the Android developer site, you can use self-signed certificates to sign your applications. No certificate authority is needed. To quote the site:

The certificate does not need to be signed by a certificate authority: it is perfectly allowable, and typical, for Android applications to use self-signed certificates.

As far as the process for signing your application, take a look at the link I provided. That page has a ton of information regarding signing your application. Here's an excerpt:

When you build in release mode you use your own private key to sign your application. If you don't have a private key, you can use the Keytool utility to create one for you. When you compile your application in release mode, the build tools use your private key along with the Jarsigner utility to sign your application's .apk file. Because the certificate and private key you use are your own, you will have to provide the password for the keystore and key alias.

If you were developing a Windows application I would say that using a certificate authority is a must, since the end user receives a terrible warning without it. However, Android doesn't warn end users in that way.

Here's a Google Groups thread, which mentions the same thing.

If you still want to pursue purchasing a code-signing certificate from a trusted source, the process is fairly straightforward.

  1. Find a vendor that can supply you with an Android compatible certificate.
  2. Purchase the certificate.
  3. Supply the vendor with the requested documentation to prove you are who you say you are.
  4. Read the Android documentation to learn how to properly sign your application with your purchased certificate.
answered Feb 1 '12 at 02:08
Blank
Zuly Gonzalez
9,194 points
  • I can confirm what you say about Android certs, I just signed mine before a few minutes. – Christian 9 years ago
  • Is there any advantage for using a trusted source? – Hank 9 years ago

0

The Android Application should have the certificate's like SSL certificate's because these day's The Android Apps are causing major security problem in mobile industry.So it has to build with more security options.

answered Feb 1 '12 at 21:30
Blank
Casandra
1 point

Your Answer

  • Bold
  • Italic
  • • Bullets
  • 1. Numbers
  • Quote
Not the answer you're looking for? Ask your own question or browse other questions in these topics:

Android