Keep your upload key secret, but you can share your app’s public certificate with others. The key you use to sign your app bundle before you upload it on Google Play. Keep your app signing key secret, but you can share your app’s public certificate with others. When you use Play App Signing, you can either upload an existing app signing key or have Google generate one for you. The key Google Play uses to sign the APKs that are delivered to a user's device. Descriptions of keys, artifacts, and tools For these apps, Play recommends using Play App Signing and switching to app bundles. However, if you lose your keystore or it becomes compromised, you won’t be able to update your app without publishing a new app with a new package name. Note: For apps created before August 2021, you can still upload an APK and manage your own keys instead of using Play App Signing and publishing with an Android App Bundle. By letting Google manage your app signing key, it makes this process more secure. Devices only accept updates when its signature matches the installed app’s signature. To ensure that app updates are trustworthy, every private key has an associated public certificate that devices and services use to verify that the app update is from the same source. If you want to learn more about Google’s infrastructure, read the Google Cloud Security Whitepaper.Īndroid apps are signed with a private key.
Keys are protected by Google’s Key Management Service.
When you use Play App Signing, your keys are stored on the same secure infrastructure that Google uses to store its own keys. To use Play App Signing in, you need to be an account owner or a user with the Release to production, exclude devices, and use Play App Signing permission, and you need to accept the Play App Signing Terms of Service. Play App Signing stores your app signing key on Google’s secure infrastructure and offers upgrade options to increase security. With Play App Signing, Google manages and protects your app's signing key for you and uses it to sign optimized, distribution APKs that are generated from your app bundles.
0 kommentar(er)
