Sunday, May 29, 2016

Creating, Signing, Zipaligning an APK from a cordova project for Android

1. Create the project.

Create the project and write all your code here.
cordova create appname com.domain.appname appname

2. Add the platform.

cd appname
cordova platform add android

3. Build an unsigned APK 

which can be uploaded to emulators or devices via ADB or similar for initial testing.
cordova build android

4. Create keystore for signing. 

Navigate to platforms/android from the root of your project. Don't forget the password entered below, otherwise you will no longer be able to update your application in the play store. Use below command to create a new keystore and certificate, the alias used is generally the name of your application.
keytool -genkey -v -keystore appname.keystore -alias appname -keyalg RSA -keysize 2048 -validity 100000

5. Build unsigned release APK.

cordova build android --release

6. Sign the jar file. 

You may get a message, "'jarsigner'/'keytool' is not recognized as an internal or external command, operable program or batch file: Looks like JDK isn't installed, or is installed but is not defined in your environment variables." In that case, download and install JDK 6; such as JDK 6u45, it is ok as long as it is not JDK 7. Google Play Store doesn't play well with JDK 7, and the easiest thing to do right now is keep true with JDK 6. You'd think the problems with signing in JDK 7 would be fixed in JDK 8. That IS NOT the case. Please use JDK 6.
jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore <PATH TO KEYSTORE FILE> <PATH TO CORDOVA BUILT APK> <KEYSTORE ALIAS>
jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore appname.keystore build/outputs/apk/android-release-unsigned.apk appname

7. Zipalign the app to make it ready for publication. 

If you get the message, "zipalign' is not recognized as an internal or external command, operable program or batch file," looks like the ADT Bundle isn't installed, or is installed but is not defined in your environment variables. Install ADT if not done already and copy zipalign.exe to the current folder. zipalign must only be performed after the .apk file has been signed with your private key.
zipalign -v 4 PATH/TO/YOUR_SIGNED_PROJECT.apk PATH/TO/YOUR_SIGNED_AND_ALIGNED_PROJECT.apk
zipalign -v 4 build/outputs/apk/android-release-unsigned.apk build/outputs/apk/android-release-signed-aligned.apk

Test before uploading to the play store.

Its best to test the new APK in real devices once it has been connected via USB. First remove any previous development versions of your application from the device, otherwise you will receive a certificate error upon installation of the new signed APK. Next, install the new signed APK to the device by uploading it with the following command:
adb install build/outputs/apk/android-release-signed-aligned.apk

No comments: