How To Sign Your App For iOS And Android

Once our clients have created their apps on Fliplet, they sometimes choose to share them via the public iOS or Google Play App Stores. Whilst we can help clients with the submission process, there is sometimes a stumbling block if our clients are unable to share their iOS or Google Play App Store certificates for security or other reasons.

To ensure our clients can quickly and easily use Fliplet apps with their own certificates, we recommend the following processes for signing iOS or Android apps.

How to sign your app for iOS

To re-sign an Apple iOS IPA app, please follow these instructions:

  1. Visit https://github.com/RichardBronosky/ota-tools and download the ipa_sign bash script.
  2. ipa_sign takes the following arguments:
    1. an ipa file
    2. a provision file
    3. the name of the certificate in your keychain that you want to sign with
  3. For example:

    $ ipa_sign app.ipa customer.mobileprovision "customer enterprise mobile certificate"

How to sign your app for Android

The following is copied from the Android developer documentation site. For the latest instructions, please review the Android developer documentation page on signing your app.

Signing Your Android App Manually

You do not need Android Studio or the ADT plugin for Eclipse to sign your app. You can sign your app from the command line using standard tools from the Android SDK and the JDK. To sign an app in release mode from the command line:

  1. Generate a private key using keytool. For example:

    $ keytool -genkey -v -keystore my-release-key.keystore -alias alias_name -keyalg RSA -keysize 2048 -validity 10000

    This example prompts you for passwords for the keystore and key, and to provide the Distinguished Name fields for your key. It then generates the keystore as a file called my-release-key.keystore. The keystore contains a single key, valid for 10000 days. The alias is a name that you will use later when signing your app.
  2. Compile your app in release mode to obtain an unsigned APK.
  3. Sign your app with your private key using jarsigner:

    $ jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore my-release-key.keystore my_application.apk alias_name

    This example prompts you for passwords for the keystore and key. It then modifies the APK in-place to sign it. Note that you can sign an APK multiple times with different keys.
  4. Verify that your APK is signed. For example:

    $ jarsigner -verify -verbose -certs my_application.apk
  5. Align the final APK package using zipalign:

    $ zipalign -v 4 your_project_name-unaligned.apk your_project_name.apk

    zipalign ensures that all uncompressed data starts with a particular byte alignment relative to the start of the file, which reduces the amount of RAM consumed by an app.
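
The verify and zipalign steps above can be backed by a quick structural check before an APK is handed over. The following Python script is an added example, not part of the Android documentation or of Fliplet's tooling: it reports whether JAR signature files are present under META-INF/ and lists uncompressed entries whose data does not start on a 4-byte boundary. The function names and the sample archive are constructed for illustration.

```python
import io
import struct
import zipfile

SIG_BLOCK_EXTS = (".RSA", ".DSA", ".EC")  # signature block files written by jarsigner


def data_offset(raw: bytes, info: zipfile.ZipInfo) -> int:
    """File data starts after the 30-byte local header, the name and the extra field."""
    name_len, extra_len = struct.unpack_from("<HH", raw, info.header_offset + 26)
    return info.header_offset + 30 + name_len + extra_len


def check_apk(raw: bytes, alignment: int = 4) -> dict:
    """Report whether JAR signature files exist and which stored entries are misaligned."""
    with zipfile.ZipFile(io.BytesIO(raw)) as zf:
        infos = zf.infolist()
    meta = [i.filename.upper() for i in infos
            if i.filename.upper().startswith("META-INF/")]
    signed = (any(n.endswith(".SF") for n in meta)
              and any(n.endswith(SIG_BLOCK_EXTS) for n in meta))
    # Only stored (uncompressed) entries are subject to the alignment rule.
    misaligned = [i.filename for i in infos
                  if i.compress_type == zipfile.ZIP_STORED
                  and data_offset(raw, i) % alignment != 0]
    return {"has_signature_files": signed, "misaligned": misaligned}


def build_sample(signed: bool) -> bytes:
    """Constructed archive standing in for an APK (not a real app)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        # Stored entries come first so their offsets are deterministic.
        zf.writestr("assets/abc.bin", b"12345678",
                    compress_type=zipfile.ZIP_STORED)   # data at offset 44 (aligned)
        zf.writestr("assets/x.bin", b"1234",
                    compress_type=zipfile.ZIP_STORED)   # data at offset 94 (misaligned)
        if signed:
            for name in ("MANIFEST.MF", "CERT.SF", "CERT.RSA"):
                zf.writestr("META-INF/" + name, b"placeholder",
                            compress_type=zipfile.ZIP_DEFLATED)
    return buf.getvalue()


if __name__ == "__main__":
    print(check_apk(build_sample(signed=True)))
```

This only confirms that signature files exist and that stored data is aligned; jarsigner -verify remains the check that the signature itself is valid.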