Geek Answers Handbook

How do Android devices get developer public keys?

Android requires all installed applications to be digitally signed with a certificate, the private key of which is stored by the application developer. How exactly does the public key apply to Android client devices? Is the public key contained in apk when developers release the application? If so, where is the key stored?

Or the Android market, for example. Does Google play, keep a list of developer identifiers along with the corresponding public key, and press the right key on client devices when downloading the application?

Are there any documents conveying this information?

Thanks so much for any inputs.

+8
android certificate public-key
source share
4 answers

The public key is distributed in the apk file. If you unzip the apk file, you can find there a special META-INF folder, which contains all the information about the signature. Basically, you need to study files with the * .RSA and * .DSA extensions, which contain the package signature along with the public key.

You can read these two articles ( one , two ) to understand the process.

+8
source share

http://developer.android.com/google/play/licensing/adding-licensing.html#account-key

Some parts of the link will solve your question. Insert your public key for licensing.

For each application, the Google Play service automatically generates a 2048-bit pair of RSA public and private keys, which is used for licensing and billing in the application. A key pair is uniquely associated with the application. Although this is related to the application, the key pair does not match the key that you use to sign your applications (or derived from it).

The Google Play Developer Console provides a public key for licensing to any developer signed into the Developer Console, but it hides the private key from all users in a safe place. When an application requests a license check for an application published to your account, the licensing server signs a license response using the private key of your application key pair. When LVL receives a response, it uses the public key provided by the application to verify the signature of the license response.

To add a license to the application, you must obtain the public key of your application for licensing and copy it to your application. Here's how to find the public key of your licensing application:

Go to the Google Play Developer Console and sign in. Make sure you are logged in to the account from which the application you are licensing is published (or will be published). On the application details page, find the Services and APIs link and click on it. On the Services and API page, find the Licensing and App-Based Billing sections. Your public key for licensing is listed in the "License key for this application" field. To add a public key to your application, simply copy / paste the key string from the field into your application as the value of the String variable BASE64_PUBLIC_KEY. When you copy, make sure you select the entire key string without omitting any characters.

Here is an example from an application for LVL selection:

public class MainActivity extends Activity { private static final String BASE64_PUBLIC_KEY = "MIIBIjANBgkqhkiG ... "; //truncated for this example ... }
+2
source share

You must upload them to the play store before publishing.

Then it is checked for the signature of your apk: http://developer.android.com/google/play/licensing/adding-licensing.html#account-key

If you are talking about a key for checking applications during installation: you can use any key to sign the application and install it via adb. But you will have to use the same key to reinstall the application. In this case, the keys are not checked for global repo, as in Google Play, they are just checked locally.

For testing, everything is a little different, I think that this is due to the interaction of the meter and the tested code, they need to be run in one process, so if you install a test application package with a debug certificate, then you cannot install the application using the release certificate either install the application with the debug certificate, or remove the tests.

Some details here: http://developer.android.com/tools/publishing/app-signing.html

+1
source share

Here's an example, follow steps 1-8 in the "Obtaining a Certificate" section. This is not just a Google API tutorial, it covers the key signature that you need in that one section that I mentioned.
There is also a link to the debug keys and Release for Android development, which provide additional information on the Android development site.

REFERENCE: Android Signing Keys and Google Maps API Key

+1
source share

More articles:


All Articles