For security reasons, it’s a good idea to have app signing and upload keys that are different from each other. Keep your upload key secret, but you can share your app’s public certificate with others. The key that you use to sign your app bundle before you upload it on Google Play. Keep your app signing key secret, but you can share your app’s public certificate with others. When you use Play app signing, you can either upload an existing app signing key or have Google generate one for you. The key Google Play uses to sign the APKs that are delivered to a user's device. Descriptions of keys, artifacts and tools For these apps, Play recommends using Play app signing and switching to app bundles. However, if you lose your keystore or it becomes compromised, you won’t be able to update your app without publishing a new app with a new package name. Note: For apps created before August 2021, you can still upload an APK and manage your own keys instead of using Play app signing and publishing with an Android App Bundle.
By letting Google manage your app signing key, it makes this process more secure. Devices only accept updates when their signature matches the installed app’s signature. To ensure that app updates are trustworthy, every private key has an associated public certificate that devices and services use to verify that the app update is from the same source. If you want to learn more about Google’s infrastructure, read the Google Cloud security white paper.Īndroid apps are signed with a private key. Keys are protected by Google’s key management service. When you use Play app signing, your keys are stored on the same infrastructure that Google uses to store its own keys. To use Play app signing, you need to be an account owner or a user with the Release to production, exclude devices and use Play app signing permission, and you need to accept the Play app signing Terms of Service. Play app signing stores your app signing key on Google’s secure infrastructure and offers upgrade options to increase security. With Play app signing, Google manages and protects your app's signing key for you and uses it to sign optimised, distribution APKs that are generated from your app bundles.
0 kommentar(er)
