If you develop with Eclipse, you most likely use the built-in Export Wizard to export and sign your Android applications.

There are some cases, though, where this method will not do. For example, if you decide to publish your applications on the new Amazon App Store, you will find out that they require you to submit an unsigned apk first. They do some optimizations and DRM processing on it (if you chose to use DRM), and then they allow you to download the new package, sign it, and re-upload the final .apk file.

Amazon provides an option to sign the package for you, but in a lot of cases that will not work. For example, if you use some Google APIs (like Google Maps), you must sign it yourself, because the API key is tied to your own signing certificate. Otherwise the application will not work!

Steps to sign your application:

1. Export the unsigned package:

Right-click on the project in Eclipse -> Android Tools -> Export Unsigned Application Package

2. Sign the application using your keystore and the jarsigner tool (comes with the JDK):

Change directory to where your unsigned .apk file is. Then run:

jarsigner -verbose -keystore /path_to_keystore/mykeystore.keystore my_application.apk my_keystore_alias

It will ask you to provide your password:

Enter Passphrase for keystore:

Once you enter the password, it will sign your apk. To verify that the signing was successful, you can run:

jarsigner -verify my_application.apk

It should come back with:

jar verified.

Just an FYI: The jarsigner tool should be in your /usr/bin directory by default.

Here is the detailed documentation on signing your Android applications: http://developer.android.com/guide/publishing/app-signing.html

3. Do not forget to zipalign the .apk at the very end!

Even though this is not absolutely necessary, it is highly recommended. The zipalign tool optimizes the .apk file by aligning its uncompressed data on 4-byte boundaries (the 4 in the command below), which makes it a lot faster to execute.

To zipalign your application:

zipalign -f -v 4 my_application.apk my_zipaligned_application.apk

As you can see, zipalign expects you to provide the input .apk file and specify what you want the output file to be named.

Zipalign tool documentation.
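
The three steps above as one script (an added example, not part of the original post). It assumes jarsigner and zipalign are on your PATH; the function names and the -signed-unaligned.apk intermediate file name are made up for illustration, and the file names in the usage comment are the placeholders from the steps.

```shell
#!/bin/sh
# Added example: sign a copy of the unsigned .apk, verify it, then zipalign it.

# Return 0 only if the captured "jarsigner -verify" output ($1) reports a
# signed jar. A "certificate chain is not validated" warning is accepted:
# Android signing keys are normally self-signed, so there is no CA chain.
verify_output_ok() {
    case "$1" in
        *"jar is unsigned"*) return 1 ;;
    esac
    printf '%s\n' "$1" | grep -q 'jar verified\.'
}

# sign_verify_align KEYSTORE ALIAS UNSIGNED_APK OUTPUT_APK
sign_verify_align() {
    keystore=$1
    key_alias=$2
    unsigned=$3
    out=$4
    signed="${out%.apk}-signed-unaligned.apk"   # hypothetical intermediate name

    # Work on a copy so the unsigned package from step 1 stays untouched.
    cp "$unsigned" "$signed" || return 1

    # No -storepass here: jarsigner prompts, which keeps the keystore
    # password out of shell history and the process list.
    jarsigner -keystore "$keystore" "$signed" "$key_alias" || return 1

    # Gate on the printed result as well as the exit status.
    report=$(jarsigner -verify "$signed") || return 1
    verify_output_ok "$report" || { echo "not signed: $signed" >&2; return 1; }

    # Align last: jarsigner rewrites the archive, which would undo alignment.
    zipalign -f 4 "$signed" "$out" || return 1
    zipalign -c 4 "$out" || return 1            # -c only checks alignment
    rm -f "$signed"
    echo "$out"
}

# Runs only when called with four arguments, e.g.
#   sh sign_apk.sh /path_to_keystore/mykeystore.keystore my_keystore_alias \
#      my_application.apk my_zipaligned_application.apk
if [ "$#" -eq 4 ]; then
    sign_verify_align "$@"
fi
```

The script stops at the first failing step, so an unsigned or unaligned file never ends up under the output name.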

How to sign an unsigned Android package (.apk file)

8 thoughts on “How to sign an unsigned Android package (.apk file)”

  • October 7, 2011 at 9:25 pm

    Hi, I am having difficulty signing the reconfigured file from Amazon Appstore. Can you be more specific in your instruction on how to do this please? The first step is “run jarsigner.” Can you give step-by-step instructions as if you are communicating with non-programmers?

    Thanks so much.

  • October 9, 2011 at 5:09 pm

    @Michelle,

    I am not sure what part exactly you are having a problem with…

    In order to run commands you need to open a Terminal window. In Ubuntu, you can find Terminal under “Accessories” (Alt+F1, then Accessories, then hit Terminal).

    Once Terminal opens, change your directory to the place you saved the .apk file (in step 1 of the tutorial). You need to type the “cd” command in terminal, followed by the directory where you saved the .apk file and then hit Enter.

    Then, take the command in step 2 and just substitute:

    “/path_to_keystore/mykeystore.keystore” with the path to the keystore file on your computer
    “my_application.apk” with the name of the apk file
    “my_keystore_alias” with the alias that you had given the keystore when you created it

    Once you substituted those parts in the command, paste it in the Terminal window and hit Enter. It will ask you to enter the password for the keystore. You are done!

    Unfortunately, I cannot be more specific than that. I do not know the paths and the names of your directories and files on your computer to be able to give you something that you could just copy and paste.

  • February 1, 2012 at 3:05 am

    Hi, when I enter the passphrase password it says: jarsigner error certificate exception: java.io.IOException Parse generalized time, invalid format.

    Please help me!

  • October 19, 2012 at 3:55 am

    C:\Program Files\Java\jdk1.7.0_05\bin>jarsigner -verbose -sigalg MD5withRSA -digestalg SHA1 -keystore "C:\Users\Gapps\.android\debug.keyStore Litizen.apk gappskey

    When I enter the above command it gives me the message
    “Please specify jarfile name”

    How can I solve this problem?

  • October 19, 2012 at 4:13 am

    C:\Program Files\Java\jdk1.7.0_05\bin>jarsigner -verify -verbose -certs "E:\ANKUSH\Litizen_Unsigned\Litizen.apk"

    When I enter the above command it gives me the message
    “jar verified.”
    warning:This jar contains entries whose certificate chain is not validated.
    What is this actually?

  • March 14, 2013 at 9:54 am

    Thank you for this. It was very helpful to me.

    I will add that for OS X users they will want to download from developer.apple.com and install the package that is referred to as “Java for OS X 2013-002 Developer Package” (the dates will surely change though) to get the JDK. Just installing Java is not enough. In fact, when running “tools/android update sdk” caused my system to prompt me to install Java, I declined because installing the Developer Package brings Java with it.

  • April 12, 2015 at 7:12 am

    Hello, while signing the apk it goes well, meaning it asks for the passphrase, but when I verify the apk it says FileNotFoundException……..
