Answer the question
In order to leave comments, you need to log in
W
W
WebDev2017-09-07 14:52:35
WebDev, 2017-09-07 14:52:35
Why sign apk files?
Please explain why apk files are signed before being uploaded to the playmarket. After all, when generating this file for signature, I use absolutely arbitrary data.
And do I understand correctly that after each build I need to sign the file again?
I use cordova and do everything through the CLI.
1 answer(s)
@kirill-93
A
Andrey Myvrenik, 2017-09-07 @kirill-93
For security. If APKs were not signed, then attackers could modify your application by adding malicious code and distribute modified versions as if it were original. And if someone gets access to your Google Play account, then it’s generally ideal, anyone could replace your application with something leftist. Validates app updates using Google Play and Android signing. The key used to sign subsequent versions must match the key of previous versions of the application.
Yes, you need to sign each APK before uploading it to Google Play.
And for clarification on this:
The signature is produced by a special key and cryptographic algorithms. What you enter in fields like "organization name" does not matter as much as the key itself, which is randomly generated at the time of creation.
Similar questions
B
J
S
D
T
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question