Publishing App in Google Play Store (maven based project)

While developing an android app it is recommended to do it in debug mode. So when it is time to upload the generated apk to the store and publish it is necessary to activate de release mode.

The process of enabling the release mode and make the apk upload work needs some basic steps. There are two basic musts to take into account with the generated apk:

  • It must be zipaligned
  • It must be signed

The first one is just the first problem I have found the first time I was trying to upload the apk. As the android website explains (Android apk zipalign):

zipalign is an archive alignment tool that provides important optimization to Android application (.apk) files. The purpose is to ensure that all uncompressed data starts with a particular alignment relative to the start of the file. Specifically, it causes all uncompressed data within the .apk, such as images or raw files, to be aligned on 4-byte boundaries. This allows all portions to be accessed directly with mmap() even if they contain binary data with alignment restrictions. The benefit is a reduction in the amount of RAM consumed when running the application.

To zipalign the apk we just must configure the android-maven-plugin properly:

On the signing side (Android apk signing):

Android requires that all apps be digitally signed with a certificate before they can be installed. Android uses this certificate to identify the author of an app, and the certificate does not need to be signed by a certificate authority. Android apps often use self-signed certificates. The app developer holds the certificate’s private key.

For this purpose the android maven plugin signs the apk with the debug.keystore by default (./android/debug.keystore). So another keystore must be created to sign it. The java keytool is used for this purpose:

Once the keystore is created we copy it into the project folder (it is important the keystore to be part of the project as it will not be included in the final apk and it is always useful to have everything well located for future maintenances) and configure the maven plugin that sign the apk:

Finally, as it was our case, if any external API that needs authentication is used (Google Maps for example) a new credential must be generated with the new SHA1 fingerprint (Google developers console).

Leave a Reply