Signing Android APK using JDK 7

I've stumbled upon a really annoying and hard-to-inspect problem when publishing an APK to Google Play. Building the package went well as usual, as did uploading to Google Play, but in the end the user wasn't able to download and install the application, getting the error message: "Package file was not signed correctly."

That was strange, as Google verifies packages just after upload (whether the package was built in release mode, etc.), so I would expect Google to show at least some warning. But it acted as if everything was in the best order.

The problem was that I was using JDK 7! The default digest algorithm for Java 7 is SHA-256 instead of the SHA-1 used in JDK 6. As Android APKs have to use SHA-1 to compute checksums for included files, the default JDK 7 settings made the resulting APK unusable. I think Google should check this in its post-upload process.

To resolve this issue, add the following lines to build.xml, forcing the digest algorithm to be SHA-1.

<presetdef name="signjar">
    <signjar digestalg="SHA1" sigalg="MD5withRSA" />
</presetdef>

Source: http://code.google.com/p/android/issues/detail?id=19567
