How to Sign an Already Compiled Apk

Question

I've decoded an APK with apktool (as the original source code was lost) so I could fix some issues with the layout xml files. I've then rebuilt it back up with apktool and when I tried to install it on my device (using adb: adb install appname.apk) it gave me this error:

[INSTALL_PARSE_FAILED_NO_CERTIFICATES]

the original apk however was signed by a keystore (on eclipse IDE), this one isn't, how can I sign it properly with it's original keystone file outside Eclipse!?

Answer 1

If you want to sign an APK, I am assuming you already have an APK and a JKS file.

1. Copy the path of JKS.

2. Copy the path of APK.

3. Now open cmd.

4. Open the build-tools directory from your Android SDK folder. In my case, below is the path:

cd C:\Users\moham\AppData\Local\Android\Sdk\build-tools\30.0.3

5. Now hit enter and write the next command. Make sure to replace <jks_path>, <password>, <destination_apk_path>, and <apk_path> with your paths. Once you hit enter, the signed APK will appear on your desktop in around 10-15 seconds for smaller apps.

apksigner sign --ks jks_path --ks-key-alias key0 --ks-pass pass:password --key-pass pass:password --out destination_apk_path apk_path

Note: Ensure <destination_apk_path> is the path where you want the signed APK to be saved (e.g., on your desktop), different from <apk_path>, also change key0 in case you have a different key.

Answer 2

For editing package name

apktool d "app.apk"
in app\apktool.yml, change renameManifestPackage to "new.package.name"
apktool b "app"

For signing

@echo off
cd "app\dist"
keytool -genkey -v -keystore my.keystore -keyalg RSA -keysize 2048 -validity 10000 -alias app
del "app2.apk"
%localappdata%\Android\Sdk\build-tools\29.0.2\zipalign.exe -p 4 "app.apk" "app2.apk"

REM Signing the APK
%localappdata%\Android\Sdk\build-tools\29.0.2\apksigner.bat sign --ks my.keystore --ks-key-alias app "app2.apk"

REM Verifying the APK
%localappdata%\Android\Sdk\build-tools\29.0.2\apksigner.bat verify "app2.apk"

adb -s 192.168.1.25:5555 install "app2.apk"

Answer 3

fastest way is by signing with the debug keystore:

jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore ~/.android/debug.keystore app.apk androiddebugkey -storepass android

or on Windows:

jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore %USERPROFILE%/.android/debug.keystore test.apk androiddebugkey -storepass android

Answer 4

create a key using

keytool -genkey -v -keystore my-release-key.keystore -alias alias_name -keyalg RSA -keysize 2048 -validity 10000

then sign the apk using :

jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore my-release-key.keystore my_application.apk alias_name

check here for more info

Answer 5

Automated Process:

Use this tool (uses the new apksigner from Google):

https://github.com/patrickfav/uber-apk-signer

^{Disclaimer: I'm the developer :)}

Manual Process:

Step 1: Generate Keystore (only once)

You need to generate a keystore once and use it to sign your unsigned apk. Use the keytool provided by the JDK found in %JAVA_HOME%/bin/

keytool -genkey -v -keystore my.keystore -keyalg RSA -keysize 2048 -validity 10000 -alias app

Step 2 or 4: Zipalign

zipalign which is a tool provided by the Android SDK found in e.g. %ANDROID_HOME%/sdk/build-tools/24.0.2/ is a mandatory optimization step if you want to upload the apk to the Play Store.

zipalign -p 4 my.apk my-aligned.apk

Note: when using the old jarsigner you need to zipalign AFTER signing. When using the new apksigner method you do it BEFORE signing (confusing, I know). Invoking zipalign before apksigner works fine because apksigner preserves APK alignment and compression (unlike jarsigner).

You can verify the alignment with

zipalign -c 4 my-aligned.apk

Step 3: Sign & Verify

Using build-tools 24.0.3 and newer

Android 7.0 introduces APK Signature Scheme v2, a new app-signing scheme that offers faster app install times and more protection against unauthorized alterations to APK files (See here and here for more details). Therefore, Google implemented their own apk signer called apksigner (duh!) The script file can be found in %ANDROID_HOME%/sdk/build-tools/24.0.3/ (the .jar is in the /lib subfolder). Use it like this

apksigner sign --ks-key-alias alias_name --ks my.keystore my-app.apk

and can be verified with

apksigner verify my-app.apk

The official documentation can be found here.

Using build-tools 24.0.2 and older

Use jarsigner which, like the keytool, comes with the JDK distribution found in %JAVA_HOME%/bin/ and use it like so:

jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore my.keystore my-app.apk my_alias_name

and can be verified with

jarsigner -verify -verbose my_application.apk

Answer 6

Updated answer

Check https://shatter-box.com/knowledgebase/android-apk-signing-tool-apk-signer/

Old answer

check apk-signer a nice way to sign your app

Answer 7

For those of you who don't want to create a bat file to edit for every project, or dont want to remember all the commands associated with the keytools and jarsigner programs and just want to get it done in one process use this program:

http://lukealderton.com/projects/programs/android-apk-signer-aligner.aspx

I built it because I was fed up with the lengthy process of having to type all the file locations every time.

This program can save your configuration so the next time you start it, you just need to hit Generate an it will handle it for you. That's it.

No install required, it's completely portable and saves its configurations in a CSV in the same folder.

Answer 8

You use jarsigner to sign APK's. You don't have to sign with the original keystore, just generate a new one. Read up on the details: http://developer.android.com/guide/publishing/app-signing.html