If you develop with Eclipse, you most likely use the built in Export Wizard to export and sign your Android applications.
There are some cases though, when this method will not do. For example, if you decide to publish your applications on the new Amazon App Store, you will find out that they require you to submit an unsigned apk first. They do some optimizations and DRM (if you chose to use it) processing of it, and then they allow you to download the new package and sign and re-upload the final .apk file.
Amazon provides an option to sign the package for you, but in a lot of cases that will not work. For example, if you use some Google API’s (like Google Maps, etc.) you must sign it yourself! Otherwise the application will not work!
Steps to sign your application:
1. Export the unsigned package:
Right click on the project in Eclipse -> Android Tools -> Export Unsigned Application Package
2. Sign the application using your keystore and the jarsigner tool (comes with the JDK):
Change directory to where your unsigned .apk file is. Then run:
jarsigner -verbose -keystore /path_to_keystore/mykeystore.keystore my_application.apk my_keystore_alias
It will ask you to provide your password:
Enter Passphrase for keystore:
Once you enter the password it will sign your apk. To verify that the signing is successful you can run:
jarsigner -verify my_application.apk
It should come back with:
Just an FYI: The jarsigner tool should be in your /usr/bin directory by default.
Here is a detailed documentation on signing your Android applications: http://developer.android.com/guide/publishing/app-signing.html
3. Do not forget to zipalign the .apk at the very end!
Even though this is not absolutely necessary, it is highly recommended. The zipalign tool optimizes the .apk file and makes it a lot faster to execute.
To zipalign your application:
zipalign -f -v 4 my_application.apk my_zipaligned_application.apk
As you can see, zipalign expects you to provide the input .apk file and specify what you want the output file to be named.