Different types of APK

Question

Can someone please explain the difference between:

• signed apk
• unsigned apk
• apk in debug mode
• apk in release mode

Although its clear that signed apk is the one you generate apk with your own certificate and the unsigned one without without certificate.

Especially what are the apk in debug mode and apk in release mode really mean?

How are these two related with signed apk and unsigned apk?

Edited: Also is there any more types of apk apart from this?

I have already read the docs at http://developer.android.com/tools/publishing/app-signing.html

It only explains about the Signing in Debug Mode and Signing in Release Mode, but they didn't mention anything about the apk in debug mode and apk in release mode.

Answer 1

The same way you can have documents signed with a digital key to prove their origin and ownership and websites have a certificate for that, you can do the same thing with APKs by signing them using the tools provided by the SDK.

Unsigned vs Signed APK:

One has been signed and the other has not. Just like that. Think of GPGed emails or Websites with the Green thingy on the address bar for signed APKs and plain emails or websites with no ssl for unsigned APKs.

Before we talk about debug mode and release mode, I'll give a very brief explanation on signing, actually talk about authority-certified signing and self-signing.

When you go to a SSL protected website you might see either a warning message or a red X by the url, depending on the browser, warning you that the certificate can't be trusted. Normally that means the website is using a self-signed certificate. What that means is that you can't really tell who made the certificate and no one can really say it's secure for real or that it comes from where it says it does.

On the other hand, the Authority-certified signed certificates, they have someone(a company) which is known and (is supposed to) guarantees the quality of the certificate and that who's using is who it should be.

Now back to APKs:

When you're just testing your app, when you want test it, you don't really need a proper certificate as you're the one installing the app on your device and you know (at least you should) the app you're making is not supposed to cause any problems.

On the other hand, when you put them in the Android market, it is important to know that the app people are downloading are really yours, so that's when you're gonna use a properly signed certificate. The one you can't lose and blah blah blah.

This brings us to Debug mode and Release mode.

They are just build/deploy environment/settings to help you be more productive.

When you select debug mode, the apk will(might?) contain a lot more debug info (and for that be bigger) and will normally be signed with your self-signed certificate (the debug key) which is (most normally) automatically generated.

when you select release mode it (should) strip useless debug information reducing the size of your app and will properly sign your APK with a certified key which is necessary to release apps in the market.

Hope this helps and if you need more clarifications ask in the comments

Answer 2

You can build unsigned only via command line as far as i know. Here is how to do it Build unsigned APK

Here is an extract from the link for you.

Build unsigned

If you build your application unsigned, then you will need to manually sign and align the package.

To build an unsigned .apk in release mode, open a command-line and navigate to the root of your module directory. Invoke the assembleRelease build task.

On Windows platforms, type this command:

gradlew.bat assembleRelease On Mac OS and Linux platforms, type this command:

$ ./gradlew assembleRelease This creates your Android application .apk file inside the project bin/ directory, named -unsigned.apk.

Note: The .apk file is unsigned at this point and can't be installed until signed with your private key.

Once you have created the unsigned .apk, your next step is to sign the .apk with your private key and then align it with zipalign. To complete this procedure, read Signing Your Applications.

When your .apk has been signed and aligned, it's ready to be distributed to end-users. You should test the final build on different devices or AVDs to ensure that it runs properly on different platforms.

Answer 3

To install any apk to any device they must be signed, unsigned apks can only be tested in the emulator. while signing you can do it in a couple of ways this is a extract from developer.android.com http://developer.android.com/tools/publishing/app-signing.html

Signing Overview You can sign an app in debug or release mode. You sign your app in debug mode during development and in release mode when you are ready to distribute your app. The Android SDK generates a certificate to sign apps in debug mode. To sign apps in release mode, you need to generate your own certificate.

Signing in Debug Mode

In debug mode, you sign your app with a debug certificate generated by the Android SDK tools. This certificate has a private key with a known password, so you can run and debug your app without typing the password every time you make a change to your project.

Android Studio signs your app in debug mode automatically when you run or debug your project from the IDE.

You can run and debug an app signed in debug mode on the emulator and on devices connected to your development manchine through USB, but you cannot distribute an app signed in debug mode.

By default, the debug configuration uses a debug keystore, with a known password and a default key with a known password. The debug keystore is located in $HOME/.android/debug.keystore, and is created if not present. The debug build type is set to use this debug SigningConfig automatically.

Answer 4

From Android docs:

You can sign an app in debug or release mode. You sign your app in debug mode during development and in release mode when you are ready to distribute your app. The Android SDK generates a certificate to sign apps in debug mode. To sign apps in release mode, you need to generate your own certificate.

That is, when you are going to distribute your app, you sign your app in release mode with your own keystore file. Signing in debug mode is generally done automatically by your IDE.