Ionic Production Hybrid App Series 2: Signature and Publishing of Ionic Release Version APK in Mac Environment

By Hybrid

Android application signature

In the previous chapter, the app was successfully run on the phone through ionic run, and after putting android-debug.apk on the phone, it was also found It can be installed normally. What is the difference between the debug version and the release version? Here you need to understand the Android apk signature: In order to ensure the legal ID of each application developer, to prevent some developers from using the same Package Name. To obfuscate and replace the installed program, we need to uniquely sign the APK file we publish to ensure the consistency of the version we release each time (for example, automatic update will not be unable to install because of inconsistent versions). If you use a debug version without a unified signature to overwrite the installation, an error will be reported, stating: the application is not installed.

What are the benefits of signing:

  1. Application upgrade: If you want users to upgrade seamlessly To the new version, then you must sign with the same certificate. This is because only signed with the same certificate, the system will allow the installation of upgraded applications. If you use a different certificate, the system will require your application to use a different package name. In this case, it is equivalent to installing a brand new application. If you want to upgrade the application, the signature certificate must be the same, and the package name must be the same!

  2. Application modularity: The Android system can allow multiple applications signed by the same certificate to run in one process, and the system actually treats them as a single application. Then we can deploy our application as a module, and users can independently upgrade one of the modules

  3. Code or data sharing: Android provides signature-based Authorization mechanism, then an application can expose its functions to another application signed with the same certificate. Sign multiple applications with the same certificate, and by using signature-based permission checks, you can share code and data between applications in a secure manner.

  4. If you want to share data or code between different applications, you must let them run in the same process, and let them sign with the same certificate.

The tool used for signing is Keytool: keytool is a key and certificate management tool. It enables users to manage their own public/private key pairs and related certificates for self-authentication (through digital signatures) (users authenticate themselves to other users/services) or data integrity and authentication services. It also allows users to store the public key (in the form of a certificate) of their communicating peer.
First enter the project directory and enter
$ keytool -genkey -v -keystore my-release-key.keystore -alias your application name -keyalg RSA -keysize 2048 -validity 10000
< /span>

Successfully generated signature file

Release Release version APK

Releaese version and Debug version The difference:

  1. The debug-signed application cannot be sold on the AndroidMarket, it will force you to use your own signature; the certificate for signing in Debug mode (the default is Eclipse/ADT and Ant compilation) Since it was created, it will expire after 1 year.

  2. The generated debug.keystore on different machines may be different, which means that if you change the machine to upgrade the apk version, then the above will appear The problem that the program cannot cover the installation is equivalent to that the software does not have the upgrade function!

Use the command ionic build android --release to release the release version. Select the version we need in the apk directory

Enter the command: jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore my-release-key.keystore sangcan.apk sangcan
The sangcan.apk behind here is our target apk version. Here is a personal habit to rename the previous target file to sangcan.apk. The sangcan in the back is the application name that was previously filled in when generating the signature.

After signing successfully, you can see the successful overwrite installation

Release version of APK here Successfully posted.

, , , , , , , , , , , ,

Leave a Comment

Your email address will not be published.