i have a small clarification. i have the following question,
1.Whether the debug.keystore is used to generating the apk every time building the project normally?
2.I have done unzip the generated apk file. I came to see certificates are available in META-INF folder. Are these certificates generated with debug.keystore to identify the system identification?. Because, Both SHA1 hash values are same in debug.keystore and cert.RSA of unzipped apk.
Please clarify this doubt.
Thanks in advance..
Every apk that you want to install on your device needs to be signed. The debug key is just a random generated certificate by your build tools the first time you use it that is automatically used to sign when you build a debug build. It otherwise does not basically differ from a certificate that you generate for releasing in the play store (ommiting the fact that it uses wrong personal information and a fixed password, of course)
So again: if you build as debug the debug keystore is used, otherwise if you want to create a release you have to create your own keystore and point the build script to it.
More on google docs: http://developer.android.com/tools/publishing/app-signing.html
In debug mode, you sign your app with a debug certificate generated by the Android SDK tools. This certificate has a private key with a known password, so you can run and debug your app without typing the password every time you make a change to your project.
Android Studio signs your app in debug mode automatically when you run or debug your project from the IDE.
You can run and debug an app signed in debug mode on the emulator and on devices connected to your development machine through USB, but you cannot distribute an app signed in debug mode.
By default, the debug configuration uses a debug keystore, with a known password and a default key with a known password. The debug keystore is located in $HOME/.android/debug.keystore, and is created if not present. The debug build type is set to use this debug SigningConfig automatically.
As a added pro tip: If you develop in a team with different shared test devices, it saves a lot of time if you all share the same debug keystore or else you always have to deinstall the debug app when getting the test device from another dev
you cant update application without same keystore value else app show different signature. for example you installed an app from playstore after some days if an update come for application then you will only be able to update previous app if its signature and new app signature is same. this signature is defined in debug.keystore
