79

I've downloaded and compiled Android 2.1 version with signed-google_ion-ota-14721.zip image for my HTC phone. The compile completed successfully and so the system image flash. How can I sign my own Android application with the system signature?

Can someone describe the whole process for signing a user application with system signature as I am completely new to the signing process.

Reno
  • 33,594
  • 11
  • 89
  • 102
Michalis
  • 3,109
  • 6
  • 26
  • 24

2 Answers2

122

Finally I managed to discover a way to sign my application with the platform signature. You need to use keys located in <root-of-android-source-tree>/build/target/product/security/ and add android:sharedUserId="android.uid.system" in your AndroidManifest.xml file.

Details from this google groups thread:

On top of signing Android 1.6 for Dream with certificates generated by myself, I've also managed to sign my app with the platform certificate and run it with the system sharedUserId. These are the steps I took:

  • Build and flash to your Dream your own Android using https://web.archive.org/web/20081211205758/http://source.android.com:80/documentation/building-for-dream. Use the mkkey.sh script on https://web.archive.org/web/20091213215940/http://pdk.android.com/online-pdk/guide/release_keys.html to create new certificates, including x509 certificates before you do 'make'.
  • In the AndroidManifest.xml of your application: under the <manifest> element, add the attribute android:sharedUserId="android.uid.system".
  • Export an unsigned version of your Android application using Eclipse: right-click on the project >> Android Tools >> Export Unsigned Application Package.

  • Use <root-of-android-source-tree>/out/host/<your-host>/framework/signapk.jar to sign your app using platform.x509.pem and platform.pk8 in <root-of-android-source-tree>/build/target/product/security generated earlier:

    java -jar signapk.jar platform.x509.pem platform.pk8 YourApp-unsigned.apk YourApp-signed.apk.

  • Install the app to your device:

    adb install YourApp-signed.apk
  • Run your app
  • Use adb shell ps to confirm that your app is running as system.
Charitha Ratnayake
  • 379
  • 3
  • 14
Michalis
  • 3,109
  • 6
  • 26
  • 24
  • You can accept your own answer to signalize that you've found a solution for this problem. ;) – Octavian Helm Sep 06 '10 at 13:11
  • 1
    But /build/target/product/security/ where i can get this path ?? – Ahmed May 15 '12 at 07:00
  • 2
    @user1155908: it is in android os source code. You have to download Android Open Source Project (AOSP): http://source.android.com/source/downloading.html – m-ric Sep 26 '12 at 19:42
  • https://github.com/plattypus/Android-4.0.1_r1.0/tree/master/build/target/product/security Do we have the password for it? – pablisco Aug 30 '13 at 11:11
  • 1
    @pablisco The password is "android". See also [this answer](http://stackoverflow.com/a/20168382/427545) on alternative ways to sign an APK. – Lekensteyn Nov 23 '13 at 22:55
  • 2
    Is this method still working ? The release keys link seems to be broken ! – code2be Jan 21 '16 at 07:19
  • Can someone please update the answer with **working links** and **explanation** more in depth? I am new to the signing process. – Amitai Fensterheim Jul 07 '16 at 17:07
  • would that work with a stock Android installed from over-the-air update? From [android official link](https://source.android.com/devices/tech/ota/sign_builds.html#certificates-keys), it sounds like they use the keys in the public repo. – toine Oct 11 '16 at 22:15
  • do we need to use signapk.jar located in the source tree of my current device or i can use any available signapk.jar file (probably of some other device)? – Akshay Shah Nov 24 '16 at 13:16
  • error is coming while installing ..INSTALL_FAILED_SHARED_USER_INCOMPATIBLE – Surya Prakash Kushawah Feb 20 '17 at 06:50
  • It worked for me. I have found the android source code [here](https://android.googlesource.com/platform/build/+/android-4.2.2_r1/target/product/security/). Instead of installing it, you can also put it at the /system/app directory and reboot device to have it available to use. – Diego Malone May 03 '17 at 19:56
  • 2
    Hi, I have sign my application with the certificates in android source code. But I didn't find SignApk.jar file in that source. So, I downloaded explicitly from git and Sign my Apk. But, while installing the application I am getting this error: INSTALL_FAILED_SHARED_USER_INCOMPATIBLE. Can Someone help please... – Juhi Matta May 25 '17 at 07:19
  • Do we need any runtime installed on linux or windows to run this command. the above command gives me error `Failed to load any of the given libraries: [conscrypt_openjdk_jni windows-x86_64, conscrypt_openjdk_jni]` – Rajeev Kumar Jul 17 '19 at 10:59
  • While this method was working perfectly for Android 7.1 somehow it doesn't work for Android 9 - APK get unsigned. – Worker Sep 10 '19 at 16:03
  • After doing all steps, still can not access ports below 1024. – MHSaffari Dec 27 '20 at 11:31
10

The procedure works fine I have tried it. So long as you don’t forget to run zipalign after signing as the signing processes leaves the APK unaligned and it will NOT install. You will need to install the aligned APK.

zipalign -fv 4 YourApplication-signed.apk YourApplication-aligned.apk
Ashley Medway
  • 7,151
  • 7
  • 49
  • 71
user2478124
  • 101
  • 1
  • 3