In this page we will skim the essential deeds need to be done before publishing an application, after doing this simple steps you will have an APK file at your disposal to upload in CafeBazaar and ready for installation. 

Naming the package

Since this name can not receive any further edit after app publition, make sure you opt a suitable package name for your application. To learn how to choose the application package name, read “principles of naming the package”. 

Signing the package

Before letting an application to install, the android OS checks if the package is signed with a digital certificate so without this certificate users can not install the app. This certificate, sign or anything you want to name it, is used to identify the developer of the application and only owns the private key needed to access this certificate. The set containing this certificate and the Key is called, “keystore”.

An overview of how to sign the application

There exist two different ways to sign an application which are used in different manners. While developing your app, you sign the application using debug mode, for publication you should sign the application in release mode. The debug mode is only for testing the app. The goal of using this sign is to speed up this procedure. To sign an application in release mode you should create your own keystore.

Signing the application in Debug Mode

While developing and testing the application, you sign it with a key produced by Android SDK Tool. this file contains a Private Key with a known password so you can run and test the application without each time typing the password. For example android studio automatically signs your application while you run it for test and this process might be so fast that you won’t notice it.  

Attention: You can install and run an applications signed in debug mode only on simulators or devices connected to computer in debug mode but these applications can not get published on google play or CafeBazaar for public.

Signing an application in Release Mode

After the final version of an application is developed, you have to sign it with a certificate which is specifically yours and only you know the password and have access to its Private Key. The procedure is as follows:

1- Create a keystore. Keystore is a binary file, containing a set of keystores. After creating this file, you have to safeguard it and preferably save it in different safe places in order to decrease the possibility of losing it.

Note: In some development tools such as Basic4android it is possible to see analogous options such as Private Sign Key instead of Keystore. 

2-Create a private key. This key is an identifier of developer or company.

3-Add this sign to build file.

4-After creating Keystore and Private Key, in android studio call assembleRelease.

Note: After signing the application, you can find the final package in this path: app/build/apk/app-release.apk
Attention: Please make sure to provide some back up of your Private key and Keystore and keep them in safe places. If you publish an application in CafeBazaar and lose your sign file, you will not be able to update your app in the future. 

Signing the application in android studio

To sign your app in release mode in android studio Perform the following steps:

1- Choose build button and then click on Generate Signed Key.

2- In the opened window choose Create New to build a new KeyStore.

3- in new KeyStore window, enter required information.

Attention: In validity field, you should enter the expiration time of the Key. In order to make sure future updates for your application we recommend to enter at least 25 years of validity.

4- After entering information and choosing a PrivateKey, choose a path to store the signed version of the application and click on the finish button. 

Signing application in Command Line

For signing an application you do not necessarily need Android Studio. Using standard tools provided by Android SDK and JDK you can sign your application. To sign an application this way perform as follows:

1- Using Keytool, create a Private Key:

keytool -genkey -v -keystore my-release-key.keystore -alias alias_name -keyalg RSA -keysize 2048 -validity 10000

After running the above code, you will be asked to define a password for Private Key and KeyStore. Please enter a Distinctive name for the key. The name you enter instead of alias_name, will be used later.

Attention: generated KeyStore in this way will be valid for 10000 days. To make sure availability of this key for future updates we recommend you not to use less than this value for validity-.

After defining all the essentials, my-release-key.keystore file will be generated.

2- Compile your application in release mode in order to obtain unsigned APK.

3- At this stage by using a tool called jarsigner you should sign your application with your private key.

jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore my-release-key.keystore my_application.apk alias_name

By running the above code you will be asked to enter the password you set in the first step. If you enter the correct password, your APK file will be signed. 

4- We recommend you to check if the APK is signed or not.