Simple Steps to Signed APK File for Cordova Android Builds

Hybrid applications are trending right now. It saves lots of time and money to make native Android/iOS/Web platforms; So generally business owners are preferring hybrid applications for their comfort and the price will be under budget for them.

To make hybrid apps, most developers are using the Cordova framework, as it provides more compatibility of the software with hardware devices (like wifi, Bluetooth, and other sensors, etc.) — This solution will definitely work for you to generate a signed APK using Cordova CLI. Sometimes look and feel might vary from the original native applications. In such a case, I recommend all to use flutter as it has really appreciable material design concepts, which will adapt the proper look and feel for your hybrid android applications.

Step 1: Install Cordova console plugin

Example> cordova plugin rm org.apache.cordova.console --save

If you add --save, it will remove the plugin from the config.xml

Step 2: You need to Update your AndroidManifest.xml file

We want to release a build for Android over the Google play store, first we need to make a small change to ourAndroidManifest.xml file found in platforms/android. You just need some file modifications as given below,

<application android:debuggable="true" android:hardwareAccelerated="true" android:icon="@drawable/icon" android:label="@string/app_name">

Also, change android:debuggable to false for your production build.

<application android:debuggable="false" android:hardwareAccelerated="true" android:icon="@drawable/icon" android:label="@string/app_name">

From the Cordova version 6.X.X, they removed the `android:debuggable` tag permanently. Here Cordova updated their clarifications: (Automation happens, Right! - That is the law of nature!)

The Clarification for issues of type “HardcodedDebugMode”: It’s best to remove the android:debuggable attribute from the manifest at all. If you keep it, then it will be automatically insert android:debuggable=true while building an APK to debug on an emulator or device. And for a release build, such as Exporting APK, it will automatically set it to false. — (Reference from Cordova official documentation)

In Addition, you can also specify a particular value in your manifest file, then the tools will always accommodate it for sure. As an output, it will be yield of accidentally publishing 💔 your application with debug information. Which can make your app unsecure, and may be caught by the Apple store or Android play store scan with high vulnerabilities.

Step 3: Tell Cordova to generate the release build using CLI

Automate the process with the below command,

Example> cordova build --release android

Then, we can find our unsigned APK file in ../platforms/android/ant-build. In my example, the file was present in the following path: ../platforms/android/ant-build/Example-release-unsigned.apk

Step 4: Generate Key, Create a Keystore, and Use Keytool commands

Note that my Keystore keystoreNAME-mobileapps.keystore is present in the project directory, if you want to create another Keystore, You can continue following this step; otherwise, you can skip it.

Hit the following line to your CMD or terminal at the path of your project root directory.

keytool -genkey -v -keystore <keystoreName>.keystore -alias <Keystore AliasName> -keyalg <Key algorithm> -keysize <Key size> -validity <Key Validity in Days>

For example,

keytool -genkey -v -keystore NAME-mobileapps.keystore -alias NAMEmobileapps -keyalg RSA -keysize 2048 -validity 10000

CMD/Terminal will ask you for the following questions,

keystore password? : xxxxxxx

What is your first and last name? : xxxxxx

What is the name of your organizational unit? : xxxxxxxx

What is the name of your organization? : xxxxxxxxx

What is the name of your City or Locality? : xxxxxxx

What is the name of your State or Province? : xxxxx

What is the two-letter country code for this unit? : xxx

Then the Key store has been generated with the name NAME-mobileapps.keystore

Step 5: Utilize Keystore and sign your unsigned APK

Place the generated keystore in,

Old version Cordova

<project_path>\platforms\android\ant-build

New version Cordova

<project_path>\platforms\android\build\outputs\apk

To sign the unsigned APK, run the jarsigner tool, which is also included in the JDK:

jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore <keystorename> <Unsigned APK file> <Keystore Alias name>

Example\platforms\android\ant-build> jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore NAME-mobileapps.keystore Example-release-unsigned.apk blablamobileapps

-OR-

Example\platforms\android\build\outputs\apk> jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore NAME-mobileapps.keystore Example-release-unsigned.apk blablamobileapps

Enter KeyPhrase as 'xxxxxxxx'

This signs the APK in place.

Step 6:

You are one step away, just run the zipalign tool to optimize your APK:

Example\platforms\android\ant-build> zipalign -v 9 Example-release-unsigned.apk Example.apk

OR (If you are facing an error like — "zipalign not found") then try below command line.

Example\platforms\android\ant-build> C:\Phonegap\adt-bundle-windows-x86_64-20140624\sdk\build-tools\android-9.4W\zipalign -v 9 Example-release-unsigned.apk Example.apk

Bingo!!!

Now we have our final release binary called example.apk and we can release this on the Google Play Store.

Please note that you need to keep your Keystore for your next upcoming updates to the google play store. If you lose it, your life will be screwed up!

Hope, this guide helps you and also saves you a lot of time!

References:

1. Cordova official documentation
2. Android platform guide
3. Beingcoders 9Mood community

Get my stories in your feeds by subscribing to me, or become a vocal+ member to read all stories of thousands of other writers, participate in all challenges and get a payout with low fees and less payout threshold on Vocal Media.

© Originally Published at Cordova CLI — Signed APK Guide, also Republished on Medium by Rakshit Shah.