iOS and Android code signing
Mobile app development is fun … until code signing, a really painful and cumbersome task that mobile developers cannot escape.
What is code signing?
Code signing is the process of digitally signing executables and scripts to confirm the software author and guarantee that the code has not been altered or corrupted since it was signed.
Android Code Signing
App signing is a Google Play process that manages and protects your app’s signing key for you and uses it to sign your APKs for distribution. Doing so benefits you as follows:
- Use the Android App Bundle and support Google Play’s Dynamic Delivery. The Android App Bundle makes your app much smaller, your releases simpler, and makes possible dynamic features and instant experiences.
- Increase the security of your signing key, and make it possible to use a separate upload key to sign the app bundle you upload to Google Play.
You can generate an upload key using the following command:
This command prompts you for passwords for the keystore and alias, along with some additional information. It then generates the keystore as a file called my-upload-key.keystore.
The first key that you use to upload your app becomes the official upload key, and you should use that key for future releases. After that, you can generate your app’s APK (or App Bundle), submit it to Google Play and opt in to app signing by letting Google create and manage your app signing key.
iOS Code Signing
To build and deploy an app to the App Store, we need to have the development and distribution certificates. A certificate signing request (CSR) is the means of requesting a certificate from the Certificate Authority so that Apple can verify the details of who is requesting the developer certificate.
It has a .certSigningRequest extension and typically includes the certificate request information, the signature algorithm, and the requester’s public key.
After we have the certificates and provisioning profiles ready, we can move on to the next steps of code signing. The hashes are encrypted using the signer’s private key, and these encrypted hashes, together with the signer’s certificate, form the digital signature that is stored in the app.
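The hash-then-sign mechanism described above, as an added example that is not part of the original post: it uses the Python `cryptography` package, a constructed two-file "app bundle" in place of a real .app or APK, and the signer's public key standing in for the certificate. It also shows the two failure cases a verifier must catch: a file patched after signing, and a signature made with someone else's key.

```python
import hashlib
import json
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa

# Constructed sample "app bundle": path -> contents (stands in for a real .app/APK)
SAMPLE_APP = {
    "Info.plist": b"<plist><dict><key>CFBundleIdentifier</key>"
                  b"<string>com.example.app</string></dict></plist>",
    "MyApp": b"\xcf\xfa\xed\xfe" + b"\x00" * 16,  # constructed executable bytes
}

def build_manifest(files):
    """SHA-256 of every file, keyed by path: the 'hashes' the text refers to."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in sorted(files.items())}

def sign_app(files, private_key):
    """The signer's private key signs the manifest; (manifest, signature) is stored in the app."""
    manifest = build_manifest(files)
    blob = json.dumps(manifest, sort_keys=True).encode()
    return manifest, private_key.sign(blob, padding.PKCS1v15(), hashes.SHA256())

def verify_app(files, manifest, signature, public_key):
    """True only if the signature checks under the signer's key AND every file still matches."""
    blob = json.dumps(manifest, sort_keys=True).encode()
    try:
        public_key.verify(signature, blob, padding.PKCS1v15(), hashes.SHA256())
    except InvalidSignature:
        return False  # manifest altered, or signed by a different key
    return build_manifest(files) == manifest  # False if a file changed after signing

def demo():
    """Returns (valid, tampered, wrong_signer) == (True, False, False)."""
    signer = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    manifest, sig = sign_app(SAMPLE_APP, signer)
    pub = signer.public_key()  # in practice taken from the signer's certificate
    valid = verify_app(SAMPLE_APP, manifest, sig, pub)
    # 1) the binary is patched after signing: hashes no longer match the manifest
    patched = dict(SAMPLE_APP, MyApp=SAMPLE_APP["MyApp"] + b"\x90")
    tampered = verify_app(patched, manifest, sig, pub)
    # 2) re-signed with another key: the signature fails under the real signer's public key
    other = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    _, forged_sig = sign_app(SAMPLE_APP, other)
    wrong_signer = verify_app(SAMPLE_APP, manifest, forged_sig, pub)
    return valid, tampered, wrong_signer

if __name__ == "__main__":
    print(demo())
```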
If certificates are all about our identities, then provisioning profiles are all about our apps. A provisioning profile contains these pieces of information:
- Team ID
- Bundle ID
- App ID
- Entitlements
- Developer certificates
- Provisioned devices (a list of UDIDs)