App Bundle

App Bundle is a publishing format for Android applications which includes all of your app compiled code and resources. Bazaar uses your app bundle to generate and publish optimized packages for devices with different configurations. With this new feature, you don’t need to build and manage APKs to have optimized applications for different devices, and users will receive smaller and more optimized apps. 

How to create an app bundle? 

While creating a new release or at the beginning of your app publication, upload your app aab file instead of uploading apk.

After uploading the aab file, you can see the following message. Based on this message, use the bundle signer tool to encrypt your aab file and then upload the encrypted file (.bin).

Bundle Signer Tool

When you upload a package for the first time, Google receives your signature file and saves it. Then, it uses the saved file to sign your first package and your next updates. Bazaar does not allow any maintenance and storing of the developers’ signature to protect their privacy and security. Therefore, Bazaar has developed the bundle signer tool to sign your file offline and send the output file.

• Bundle signer is an open-source tool, and all of its codes are accessible for you. After running bundle signer on your device, it uses your private key to encrypt the necessary parts of your file and finally gives you the encrypted file in the .bin format as an output.

• The output file is generated from the encryption process of the bundle with your private key. This file includes only the irreversible encrypted blocks of your bundle packages. Therefore, your private key cannot be extracted from the encrypted file (.bin) under any circumstances. Also, the encrypted file (.bin) is only applicable to the present bundle file and cannot be used for other ones.  

• The encrypted file (bin) will be used to sign the split files of the bundle.

• To verify the ownership of the applications and protect developers’ apps from abuse, Android is obligated that all of the released packages of an app must have the same signature as the first released package of that app. Therefore, Bazaar requires the encrypted file (bin) of your bundle to equalize the signature of your new package with the previous ones.

Note: you can get the latest version of the bundle signer tool from Bazaar Github.

Note: if you have previously published your app as an apk file, you must use your previous signature file to generate the encrypted file (bin). Otherwise, the signature of your new package will not be the same as the previous ones, and Android will prevent your app’s update on your previously installed app.

How to Generate the Signed Binary File?

Use the bundle signer tool to sign your bundle file. Then upload the output bundle file in bin format.

To build a signed file, call the bundle signer with proper inputs based on your key. For example, if you use a key in PKCS #8 format, set these flags: 

java -jar bundlesigner-0.1.0.jar genbin  -v --bundle app.aab --bin /home/bin_files/
       --v2-signing-enabled true --v3-signing-enabled false
       --key dsa-1024.pk8  --cert dsa-1024.x509.pem

If you use a key in Java keystore, set the flags as the following:

java -jar bundlesigner-0.1.0.jar genbin  --bundle app.aab --bin /home/bin_files/
       --v2-signing-enabled true --v3-signing-enabled false
       --ks key.jks -v

---

Attention: When generating the signed binary file, ensure that you are using the same bundle file (aab) as the one you have uploaded in your first release in the developers’ panel. If you want to change the bundle file, remove the release and upload the bundle file again. Note that the signature file is generated from your application content. Therefore, any dissimilarity between the uploaded bundle file and the bundle file you have given to the bundle signer tool will lead to the verification error of the application signature.

---

How to Run the Bundle Signer? 

Bundle signer is a command-line tool. To run this tool, you must have JRE 9 and later installed on your device and follow one of these commands: 

• To run the bundle signer tool on windows, open cmd and then run the following command: 

C:\>  java -jar bundlesigner-0.1.4.jar --help

• To run the bundle signer on the Unix operating systems, open the terminal and run the following command: 

user@unix-machine:~$   java -jar bundlesigner-0.1.4.jar --help

For more information about using bundle signer, see this link.

After processing the uploaded bundle, you can see the release page. Please do a final check and then send the release request. 

While building an app bundle, keep the following in mind: 

• The bundle processing stage based on your application size and characteristics might take some time. Please be patient. 
• The bundle version code must always be more than the version codes of all the packages in previous releases. 
• You cannot delete the generated packages from the bundle after processing. To revise, disable your release first, and then create a new release. 
• There is no size limit for the bundle file. 
• You cannot use expansion files (obb) while using bundle. 
• Devices with minsdk 21 (minsdk 23 for Samsung devices) and more can support bundle apps. To support lower minsdks, create a release with an apk package with a lower minsdk and lower version code. Note that users always receive the most compatible package with the highest version code.
• You don’t need to sign your app’s bundle file in the Android Studio. Just use Bazaar’s bundle signer tool to sign your bundle file. By signing your bundle file in the Android Studio, only one encrypted block will be added to your bundle file, and your key file will not be endangered (the same as the Bazzar’s process).

If you require any further information, please send us a support ticket from your panel. 

Read More:

• Guidelines
• Publishing Rules