This tutorial will help you understand the process of preparing an APK file, generated via CocoonJS, so that it can be uploaded to the Google Play store. At the end of the tutorial we should have an APK that we can upload to the Google Play Developer Console without problems.

Prerequisites

Before we start begin, there are a few prerequisite actions and files to perform and download.

An Unsigned Release APK

Before we can start doing anything you need to make sure you have a ‘release’ version of an APK file that is ‘unsigned’. The one we are using has been generated using the CocoonJS service. Click here for a tutorial on how to use CocoonJS.

Command/Terminal Knowledge

This tutorial will assume you have some basic knowledge of the Command Prompt. The only ‘basic’ knowledge I refer to is how to navigate and view directories. In Windows, use “cd” to change directories and “dir” to view their contents; in OS X, use “cd” to change directories and “ls” to view their contents.

JDK and SDK Tools

Finally you will need a copy of the JDK (Java Development Kit Tools) and the Android SDK (Software Development Kit). I won’t go into detail about the tools in this tutorial, but if you want more knowledge on them then you can find some information about the JDK tools here and more about the SDK tools on Google Play.

JDK – If you don’t have the kit installed or you have forgotten where you have installed it, you can download a copy of the JDK tools. As of writing this tutorial I am using 7u45.

SDK – The only reason we need to have a copy of the SDK tools is to the use ‘zipalign’ functionality it contains. If you already have a way to do this then you will not need to download these tools. Otherwise you can download the tools on Google Play.

Good to Go!

Now that that is done we can get started!

Note – If you are signing a new version of an APK that you have already uploaded to google play, then instead of creating a new Keystore you will need to find the one you used last time and sign it using that one.

Step 1 – Create a KeyStore

If this is your first time signing an APK then we are going to need to create a KeyStore that we can use to sign our APK with. A KeyStore is a Java repository used is for authentication when a user wants to download or install an app. It holds information about us (the developers) and our credentials so when we go to sign the app it will have our ‘brand’.

Open Command Prompt as an Admin

The first step in creating a keystore is to open up the Command Prompt as an Admin. We have tested this in Windows and OS X.

What happens if I don’t launch as an Admin? Well if you don’t then (depending on where you installed it) there could be problems with access/permissions when performing some of the commands.

Navigate to your JDK’s ‘bin’ folder (optional)

If the JDK was fully installed, it will be in your environment path. This means you can invoke its commands from anywhere. To test this, type ‘keytool’ and press Enter. If you get a list of options, the keytool is working properly. If the prompt/terminal does not recognise the command, you will need to navigate to the ‘bin’ folder of where you installed the JDK and run it there. The ‘bin’ folder is the location where we can find the ‘keytool.exe’, which handles the generation of a keystore. This folder also contains a few other useful files like the ‘jarsigner’, which we will use a little bit later.

If you don’t need to go to the bin, instead navigate to a working folder. The folder you are in will be where the keystore file is saved.

Generate the Keystore

We can now execute the code needed to generate a new keytool. Type out the following code inside your cmd window now. I’ll explain what it does in a second.

The code above will generated a new keystore file with the name <my-release-key> with a 2048 keysize and that is valid for 10000 days. When generating your own keystore you should of course change the name of keystore from <my-release-key> to be your own along with the <alias_name> so that it is more relevant to you. More information about the keytool can be found on Oracle’s website.

Notes!

• When generating your key you need to make sure that will be valid after the 23rd of October 2033. This is enforced by Google Play to ensure users can seamlessly upgrade.
• Keep your key PRIVATE. You don’t want other users (or malicious third parties) pretending to release apps under your certificate. See the securing your key section for more info.

Once you have had a read of the notes, you should be able execute your code to generate a keystore in your command prompt. There will be a few on-screen prompts which you just need to follow (make sure you remember your password).

If it worked, there should be a new keystore file inside your current directory with the name you specified. Don’t close the cmd window just yet, as we are not done.

Step 2 – Sign your App

Now that we have a keystore file, we can sign our APK.

Optional – Relocate your APK

Now, this step is optional and is up-to-you, but I like to move my ‘unsigned’ APK into the ‘bin’ folder. This is just so that when I am typing out which file I would like to ‘sign’ I don’t have to remember all of the folders it lies within. If you are working in another folder, ensure you know where your APKs are by path.

Back to CMD – Sign the File

It’s time to jump back to our command window, where we can use the jarsigner to sign our APK.

Before you execute this code make sure your replace the <my-release-key> with your release key, <my_application> the name of your apk and <alias_name> with your alias_name.

What does the code do? It uses the jarsigner to sign our APK. The ‘-verbose’ parameter just means we get more information and we are telling it to use SHA1withRSA as it’s signature algorithm.

Once you execute the code it will ask you for a password, which will be the one that is assigned to the keystore you are using.

For more information see the oracle documentation on the jarsigner

Optional – Did it work?

If are wanting to know whether or not the your APK is has now been signed. There is a line of code you can execute.

This code should hopefully output ‘jar verified’ if your APK is all good to go! If not you may need to go back a few steps.

Step 3 – ZIP Align

Now that you hopefully have a signed APK file, there is one last step to do before our APK is ready to be uploaded. You must ‘zipalign’ the APK. Zipaligning an APK provides important optimization. You can find more information about the zipalign tool here.

Optional: Relocation

Since the zipalign tool isn’t a part of the JDK tools we have been using, but is a part of the SDK tools, we may to need to relocate the now signed APK and the command window. The directory to move to is the tools folder of where you installed your the SDK.

If you would rather leave your files where they are, you can run the zipalign utility from its current location. Simply prefix it with the path to its location; on OS X this might be “/Users/user/Library/Android/sdk/build-tools/21.1.2/zipalign”.

Zipalign Command

Now it is back to the Command Window to zipalign our APK.

Once that code has been successfully executed you now have TWO APKs. The new one was generated by the zipalign process and is the final result of the work.

All Done!

At this point you should hopefully have a signed and optimized APK that you can now upload to Google Play! More information (and another useful tutorial) can be found on the Android Developer Console. Otherwise upload your app, so I can play it!

If you have any comments/questions or need some help, you are more than welcome to leave a comment below or send a message on the help page. Because we always want to hear from you