Android APK/AAB Signing

To publish on the Play Store, you need to sign your app with a digital certificate.

Android uses two signing keys: upload and app signing.

Developers upload an .aab or .apk file signed with an upload key to the Play Store. The end-users download the .apk file signed with an app signing key. To create your app signing key, use Play App Signing as described in the official Play Store documentation.

To sign your app, use the following instructions.

1. Create an upload Keystore

   If you have an existing keystore, skip to the next step. If not, create one using one of the following methods:

   1. Following the Android Studio key generation steps

   2. Running the following at the command line: On Mac/Linux, use the following command:

      keytool -genkey -v -keystore ~/upload-keystore.jks -keyalg RSA -keysize 2048 -validity 10000 -alias upload

      On Windows, use the following command:

      keytool -genkey -v -keystore $env:USERPROFILE\upload-keystore.jks -storetype JKS -keyalg RSA -keysize 2048 -validity 10000 -alias upload

      This command stores the upload-keystore.jks file in your home directory. If you want to store it elsewhere, change the argument you pass to the -keystore parameter. However, keep the keystore file private; don’t check it into public source control!

      Note

      • The keytool command might not be in your path—it’s part of Java, which is installed as part of Android Studio. You may find it installed in the JDK that is installed with Android Studio, for example:

        • Linux: /opt/android-studio/jbr/bin/keytool

        • macOS: /Applications/Android Studio.app/Contents/jbr/Contents/Home/bin/keytool

        • Windows: C:\\Program Files\\Android\\Android Studio\\jbr\\bin\\keytool.exe

        Then use that fully qualified path. If your path includes space-separated names, such as Program Files, use platform-appropriate notation for the names. For example, on Mac/Linux use Program\ Files, and on Windows use "Program Files".

      • The -storetype JKS tag is only required for Java 9 or newer. As of the Java 9 release, the keystore type defaults to PKS12.

2. Reference the Keystore from the App

   Create a file named [project]/src-tauri/gen/android/keystore.properties that contains a reference to your keystore:

   storePassword=<password from previous step>
   keyPassword=<password from previous step>
   keyAlias=upload
   storeFile=<location of the key store file, such as /Users/<user name>/upload-keystore.jks or C:\\Users\\<user name>\\upload-keystore.jks>

   Caution

   Keep the keystore.properties file private; don’t check it into public source control.

3. Configure Signing in Gradle

   Configure gradle to use your upload key when building your app in release mode by editing the [project]/src-tauri/gen/android/app/build.gradle.kts file.

   1. Add the needed imports at the beginning of the file:

      import java.util.Properties
      import java.io.FileInputStream

   2. Add the release signing config before the buildTypes block:

      signingConfigs {
          create("release") {
              val keystorePropertiesFile = rootProject.file("keystore.properties")
              val keystoreProperties = Properties()
              if (keystorePropertiesFile.exists()) {
                  keystoreProperties.load(FileInputStream(keystorePropertiesFile))
              }
      
              keyAlias = keystoreProperties["keyAlias"] as String
              keyPassword = keystoreProperties["keyPassword"] as String
              storeFile = file(keystoreProperties["storeFile"] as String)
              storePassword = keystoreProperties["storePassword"] as String
          }
      }
      
      buildTypes {
          ...
      }

   3. Use the new release signing config in the release config in buildTypes block:

      buildTypes {
          getByName("release") {
              signingConfig = signingConfigs.getByName("release")
          }
      }

Release builds of your app will now be signed automatically.