Android系统要求所有已安装的应用程序必须
用证书的数字签名,该证书的私钥由
应用程序的开发人员. Android系统将证书用作
识别应用程序作者并确定的方法
信任应用程序之间的关系.证书未使用
控制用户可以安装哪些应用程序.证书
不需要由证书颁发机构签名:这是完美的
允许和典型的Android应用程序使用自签名
证书.
The Android system requires that all installed applications be
digitally signed with a certificate whose private key is held by the
application's developer. The Android system uses the certificate as a
means of identifying the author of an application and establishing
trust relationships between applications. The certificate is not used
to control which applications the user can install. The certificate
does not need to be signed by a certificate authority: it is perfectly
allowable, and typical, for Android applications to use self-signed
certificates.
了解有关签署Android应用程序的要点
是:
The important points to understand about signing Android applications
are:
- 所有应用程序都必须签名.如果未签名,则系统不会在模拟器或设备上安装应用程序.
- 要测试和调试应用程序,构建工具会使用由Android创建的特殊调试密钥对应用程序进行签名
SDK生成工具.
- 准备向最终用户发布应用程序时,必须使用适当的私钥对其进行签名.您无法发布
用SDK生成的调试密钥签名的应用程序
工具.
- 您可以使用自签名证书对应用程序进行签名.不需要证书颁发机构.
- 系统仅在安装时测试签名者证书的到期日期.如果应用程序的签名者证书在
应用程序已安装,该应用程序将继续运行
通常.
- 您可以使用标准工具-Keytool和Jarsigner-生成密钥并签署应用程序.apk文件.
- 在您的应用程序发布后签名,我们建议您使用zipalign工具来优化最终的APK包.
- All applications must be signed. The system will not install an application on an emulator or a device if it is not signed.
- To test and debug your application, the build tools sign your application with a special debug key that is created by the Android
SDK build tools.
- When you are ready to release your application for end-users, you must sign it with a suitable private key. You cannot publish an
application that is signed with the debug key generated by the SDK
tools.
- You can use self-signed certificates to sign your applications. No certificate authority is needed.
- The system tests a signer certificate's expiration date only at install time. If an application's signer certificate expires after the
application is installed, the application will continue to function
normally.
- You can use standard tools — Keytool and Jarsigner — to generate keys and sign your application .apk files.
- After you sign your application for release, we recommend that you use the zipalign tool to optimize the final APK package.
Android系统将不会安装或运行非以下版本的应用程序
适当签名.这适用于运行Android系统的任何地方,
无论是在实际设备上还是在仿真器上.因此,您
必须先为您的应用程序设置签名,然后才能运行它,或者
在模拟器或设备上对其进行调试
The Android system will not install or run an application that is not
signed appropriately. This applies wherever the Android system is run,
whether on an actual device or on the emulator. For this reason, you
must set up signing for your application before you can run it or
debug it on an emulator or device
原因为何:
应用程序签名的某些方面可能会影响您如何处理
开发应用程序,尤其是如果您打算
释放多个应用程序.
Some aspects of application signing may affect how you approach the
development of your application, especially if you are planning to
release multiple applications.
通常,所有开发人员的推荐策略是对所有开发人员进行签名
整个过程中具有相同证书的应用程序
应用程序的预期寿命.有几个原因
您应该这样做:
In general, the recommended strategy for all developers is to sign all
of your applications with the same certificate, throughout the
expected lifespan of your applications. There are several reasons why
you should do so:
Application upgrade – As you release updates to your application, you must continue to sign the updates with the same
certificate or set of certificates, if you want users to be able to
upgrade seamlessly to the new version. When the system is installing
an update to an application, it compares the certificate(s) in the new
version with those in the existing version. If the certificates match
exactly, including both the certificate data and order, then the
system allows the update. If you sign the new version without using
matching certificates, you must also assign a different package name
to the application — in this case, the user installs the new version
as a completely new application.
应用程序模块化 – Android系统允许使用相同证书签名的应用程序在同一进程中运行,如果
应用程序如此请求,以便系统将它们视为
单一申请.这样,您可以将应用程序部署在
模块,如果有以下情况,用户可以独立更新每个模块
需要.
Application modularity – The Android system allows applications that are signed by the same certificate to run in the same process, if
the applications so requests, so that the system treats them as a
single application. In this way you can deploy your application in
modules, and users can update each of the modules independently if
needed.
通过权限共享代码/数据 – Android系统提供了基于签名的权限实施,因此,
应用程序可以向其他应用程序公开功能
使用指定的证书签名.通过签署多个申请
具有相同证书并使用基于签名的权限
检查后,您的应用程序可以安全方式共享代码和数据.
Code/data sharing through permissions – The Android system provides signature-based permissions enforcement, so that an
application can expose functionality to another application that is
signed with a specified certificate. By signing multiple applications
with the same certificate and using signature-based permissions
checks, your applications can share code and data in a secure manner.
确定签名策略时的另一个重要注意事项
如何设置将用于签名的密钥的有效期
您的应用程序.
Another important consideration in determining your signing strategy
is how to set the validity period of the key that you will use to sign
your applications.
If you plan to support upgrades for a single application, you should ensure that your key has a validity period that exceeds the expected
lifespan of that application. A validity period of 25 years or more is
recommended. When your key's validity period expires, users will no
longer be able to seamlessly upgrade to new versions of your
application.
如果要使用同一密钥对多个不同的应用程序进行签名,则应确保密钥的有效期超过预期
所有应用程序所有版本的寿命,包括
依赖的应用程序,将来可能会添加到套件中.
If you will sign multiple distinct applications with the same key, you should ensure that your key's validity period exceeds the expected
lifespan of all versions of all of the applications, including
dependent applications that may be added to the suite in the future.
如果您打算在Google Play上发布您的应用程序,则用于对应用程序进行签名的密钥必须有一个有效期结束
2033年10月22日之后.GooglePlay强制执行此要求以确保
当新版本发布时,用户可以无缝升级应用程序
可用.
If you plan to publish your application(s) on Google Play, the key you use to sign the application(s) must have a validity period ending
after 22 October 2033. Google Play enforces this requirement to ensure
that users can seamlessly upgrade applications when new versions are
available.
这篇关于在发布到PlayStore之前,为什么要在我的apk上签名?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
