These days code signing is a lot easier than what it used to be. You’d sign it because you are the author. If you wrote a book, would you get someone else to sign it? No.
The logic of that quickly breaks down though. We’d be tempted to ask for a nirvana where we could just give all our unsigned app bundles to the Play Store and just have them work it out and just sign it for us. Why can’t the Play Store just handle code signing for us? This lends itself to probably some of the reasons why signing an APK or AAB (android app bundle) is as confusing as it is.
Keytool has been around for probably as long as the JDK itself, so it’s pretty old. To achieve this goal, Android package signing actually takes advantage of a tool that comes from the Java Development Framework called keytool. When we upload our signed package to Google Play, it remembers the key that was used to upload the initial package and makes sure subsequent packages are signed with the same key. We do this by signing our package with a key that we generate. We sign our packages so people who download our package from the Play Store actually know it’s us.
0 kommentar(er)
