Question

From the signing documentation at https://developer.android.com/studio/publish/index.html:

When the system is installing an update to an application, if any of the certificates in the new version match any of the certificates in the old version, then the system allows the update.

This indicates that an application can be signed with multiple certificates.

This is an interesting option to allow multiple entities to sign an application, e.g., a system application which was initially signed by the device's manufacturer. Further updates could be signed by the developer.

Am I misreading the documentation or is this really possible? If so, how?

Is there any other way for an application to support different certificates and with that, having two or more entities sign it?


Solution

You can sign APKs with different certificates if you use a different alias in the signing process.

This will create different files inside of the META-INF folder. I don't know what the implications are for the update process inside the Android Market.

OTHER TIPS

I found a solution for this, not that pretty but a solution nonetheless.

A signed APK file consists of:

  • Files signed with a given certificate
  • A META-INF folder with the public certificate key

To have an APK with multiple certificates:

  • Each party signs the APK
  • The META-INF contents of each APK are collected
  • A new APK (this is just a zip file) is created and the META-INF folder contains all the certificates

This will allow any of the signing parties to update the apk.

One note, there is no possibility to add certificates in an update.
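
To check which parties have signed an APK assembled as the answers above describe, the per-signer files in META-INF can be enumerated. This is an added example, not part of the original answers: it looks only at JAR-style signature files (a .SF file plus a .RSA, .DSA or .EC signature block), does not verify any signature, and the sample APK with the signer names OEM, DEV and STRAY is constructed for illustration.

```python
import io
import zipfile
from collections import defaultdict

PREFIX = "META-INF/"
BLOCK_EXTS = {"RSA", "DSA", "EC"}  # signature block files that carry the certificate


def list_v1_signers(apk_bytes):
    """Map each signer base name in META-INF to the signer files found for it."""
    signers = defaultdict(lambda: {"sf": False, "block": None})
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for name in zf.namelist():
            upper = name.upper()  # compare names case-insensitively
            rest = upper[len(PREFIX):]
            if not upper.startswith(PREFIX) or "/" in rest:
                continue  # only entries directly inside META-INF are signer files
            base, dot, ext = rest.rpartition(".")
            if not dot:
                continue
            if ext == "SF":
                signers[base]["sf"] = True
            elif ext in BLOCK_EXTS:
                signers[base]["block"] = "." + ext
    return dict(signers)


def complete_signers(apk_bytes):
    """Signers that have both a .SF file and a signature block."""
    found = list_v1_signers(apk_bytes)
    return sorted(n for n, s in found.items() if s["sf"] and s["block"])


def incomplete_signers(apk_bytes):
    """Signers missing one half of the pair, e.g. after a bad manual merge."""
    found = list_v1_signers(apk_bytes)
    return sorted(n for n, s in found.items() if not (s["sf"] and s["block"]))


def build_sample_apk():
    """Constructed sample: a zip with placeholder contents, not a real APK."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for entry in ("classes.dex", "META-INF/MANIFEST.MF",
                      "META-INF/OEM.SF", "META-INF/OEM.RSA",
                      "META-INF/DEV.SF", "META-INF/DEV.EC",
                      "META-INF/STRAY.SF"):  # STRAY has no signature block
            zf.writestr(entry, b"placeholder")
    return buf.getvalue()
```
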

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow