4

I am developing for an application currently. But when i will finish my app developement and i create .apk, should i sign it or make it unsigned while giving my app to my client for testing on their own devices?? He should not be able to put this apk on market as an author/ He should not distribute without my permission.

Any suggestions are welcome. Thanks.

Shashank Degloorkar
  • 3,151
  • 4
  • 32
  • 50
  • 3
    What you need to consider is creating a trial with a [time-bomb](http://stackoverflow.com/questions/995719/android-trial-applications) in it - obfuscated using ProGuard. This will give you a minimal safety - but anyone half-competent with access to smali will remove the time-bomb with relative ease. – Jens Feb 01 '12 at 11:22
  • Simply change package name to com.example.something becuase application with package com.example will never be uploaded to google play store – Syed Jan 21 '20 at 11:52

4 Answers4

1

Steps:

In Android Studio Generate Build APK

  1. Build -> Build APK
  2. You get popup once apk is generated Build APK Apk(s) generated successfully. Shown in File Manager.
  3. Goto https://www.diawi.com/ and signup if if you are a new user, else login.
  4. In above link you may find option "Upload your app".
  5. Inside that box you ma find "Drag&drop files here .ipa or .zip(.app) .apk"
  6. So Drag and Drop apk file or Browse apk file using + Add file(s) button.
  7. After uploading apk Click on Send button.
  8. This will generate a URL and Barcode.
  9. Share that URL with a person who want to test the build.
Ketan Ramani
  • 4,874
  • 37
  • 42
1

You can sign with your debug key which in windows resides in: username/.android/debug.keystore

Password is: android

Sec password is: android

Edit: But if the person has some knowledge he can just resign it with another key, you can't really protect yourself against this (afaik).

Warpzit
  • 27,966
  • 19
  • 103
  • 155
  • This doesn't really *do* anything - the actual process of stealing his app that the client would have do is unpackage & repackage it, and signing the app with the clients *own* permission. – Jens Feb 01 '12 at 11:10
  • will this solution be full proof if combined with Proguard obfuscation?? – Shashank Degloorkar Feb 01 '12 at 11:13
  • 2
    No. Proguard only helps if they care about the source of your application (i.e. want to fiddle around in it & alter it). – Jens Feb 01 '12 at 11:14
  • Time-bombing or giving the client a "preview" app with disabled functionality. Or trusting the client or the competency of the contract drawn up your in-house lawyers. – Jens Feb 01 '12 at 12:38
  • @Jens I think you are right :), signing with debug key wouldn't prevent anything anyway. – Warpzit Feb 01 '12 at 12:52
0

you don't need to sign using debug key, android sdk does it automatically, and android applications signed by debug key is not possible to upload on market, you can get apk file in bin directry of your project.

jeet
  • 29,001
  • 6
  • 52
  • 53
  • Giving the client an unsigned or signed APK does not do anything - regardless of the signature used - repackaging the app & signing it with a signature belonging to the client is *exceptionally* easy - hell, it's even required for the client to do this if he/she wants to steal the app and upload it to Android Market themselves.. – Jens Feb 01 '12 at 11:13
  • then why not sign application with a private key with expiration date less than 1 year – jeet Feb 01 '12 at 11:35
  • App signatures != theft protection. Repackaging & *re-signing* the application is required to steal the app and upload it to the clients Market account anyway. – Jens Feb 01 '12 at 11:39
0

file-> export click on android select "export android application" specify the path

aviz
  • 103
  • 1
  • 9