KeyStore and Key Alias

Christopher Francisco picture Christopher Francisco · Jul 15, 2013 · Viewed 40.8k times · Source

I'm in the process of exporting an app and I'm very curious about the keystore and keyalias. I'm not really sure what are they for, or how many should I create (maybe one for each app?). I would appreciate any information relating those keys. Thanks

Answer

Jade Byfield picture Jade Byfield · Jul 15, 2013

It is basically a way to identify yourself with your app. There are debug keys and signing keys, the latter which you will need to upload APKs to the Play store and publish your app. The Key Alias is a just a commonplace name that points to a specific certificate. You can create one for each release, or just use the same one for all your apps. I suggest creating one for each app, and making sure you back up multiple copies. I like to keep 3, one on my system, one in my Dropbox, and another on an external somewhere. If you lose that keystore file there is absolutely no way to retrieve it, or publish future versions of an application. This questions is pretty useful

EDIT: The "App-Signing" section of the Developer's site actually suggest using the same certificate across all your apps

In general, the recommended strategy for all developers is to sign all of your applications with the same certificate, throughout the expected lifespan of your applications. There are several reasons why you should do so...

Application upgrade – As you release updates to your application, you must continue to sign the updates with the same certificate or set of certificates, if you want users to be able to upgrade seamlessly to the new version. When the system is installing an update to an application, it compares the certificate(s) in the new version with those in the existing version. If the certificates match exactly, including both the certificate data and order, then the system allows the update. If you sign the new version without using matching certificates, you must also assign a different package name to the application — in this case, the user installs the new version as a completely new application.

Application modularity – The Android system allows applications that are signed by the same certificate to run in the same process, if the applications so requests, so that the system treats them as a single application. In this way you can deploy your application in modules, and users can update each of the modules independently if needed. Code/data sharing through permissions – The Android system provides signature-based permissions enforcement, so that an application can expose functionality to another application that is signed with a specified certificate. By signing multiple applications with the same certificate and using signature-based permissions checks, your applications can share code and data in a secure manner.