Appdome Logo
How to > DevSecOps Automation in CI/CD > Automated Signing of Secured Mobile Apps > How to Sign your Android App Using Appdome's Auto-Dev Private Signing Script

How to Sign your Android App Using Appdome's Auto-Dev Private Signing Script

Last updated July 2, 2024 by Appdome

To install Android apps on mobile devices, they must be signed first. Many developers sign within their development and integration platform. Still, some are required to sign the applications on designated computers in order to preserve the signing credentials within a trusted environment. Appdome’s private signing script allows developers to sign Appdome-built apps quickly on a local machine without uploading the signing certificate to Appdome’s cloud service.

This Knowledge Base article provides step-by-step instructions for signing your Android mobile app using Appdome’s Auto-Dev private signing script.

About Securely Automating Android App Signing

Appdome is a mobile security platform that allows users to add a wide variety of security features to iOS and Android apps using a simple ‘click to add’ user interface with no code required. During the building process, adapters are added to the app to achieve the desired functionality, invalidating the app’s original signature, which must then be re-signed to deploy the app on mobile devices.

Appdome’s Auto-DEV private signing script allows users to sign Appdome-built apps locally without uploading the signing certificate to Appdome’s cloud service. The unsigned app is embedded in the script generated by Appdome. Running the script on your trusted environment will extract and sign the app using a certificate you provide. However, due to Appdome’s anti-tampering mechanism, local signing may fail in deployment if the signing keystore does not match the Certificate Fingerprint. Auto-DEV private signing allows integrating the local signing into CI/CD systems.

Prerequisites to Securely Automate Android App Signing

  • Appdome account – IDEAL or Higher.
  • Appdome-DEV access
  • Android Mobile App
  • Keystore – This should be the same keystore file used to sign your Android app when distributing it via Google Play (it can also be the upload key if you are using Google Play App Singing).
  • Keystore Password – The password used to unlock your keystore.
  • Key Alias – The name you assigned to your keystore.
  • Key Password – This is the specific password defined for your signing key.
  • For Mac OS X or Linux computers:
    • Python software (version 2.7 or higher).
    • keytool executable (part of JRE or JDK, version 1.8 or higher) in the search path.
    • zipalign executable (part of the Android SDK Build Tools, version 28.0.3 or higher) in the search path.
    • apksigner executable (part of the Android SDK Build Tools, version 28.0.3 or higher) in the search path.
  • For Windows computers (Windows 10 or Windows server 2019):

Important Note:

When signing in your local environment, the Java version installed locally must be identical to or newer than the Java version used when generating your keystore.

To check your Java version, run the following command on your terminal:

java -version

Environment Configuration

For Mac OS or Linux:

  • Locate your zipalign and apksigner executables on your computer.
  • Add their full location (SDK Built tools) to your environment $PATH variable, for example:

export PATH=$PATH:$ANDROID_HOME/build-tools/29.0.0

For Windows-Subsystem-Linux 

  • After you installed the Linux distribution on your Windows computer, open the WSL console and run the following commands:

sudo apt update
sudo dist-upgrade -y && sudo apt install -y unzip zipalign lib32z1 openjdk-8-jdk gradle
curl https://dl.google.com/android/repository/sdk-tools-linux-4333796.zip --output/tmp/sdk-tools-linux-4333796.zip
unzip/tmp/sdk-tools-linux-4333796.zip -d ~/Android
export JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64
cd Android/tools/bin
./sdkmanager "platform-tools" "platforms;android-29" "build-tools;29.0.0"
export ANDROID_HOME=~/Android
export PATH=$PATH:$JAVA_HOME/bin:$ANDROID_HOME/tools:$ANDROID_HOME/platform-tools:$ANDROID_HOME/build-tools/29.0.0
cd ~
android update sdk --no-ui
gradle -v
adb start-server

Steps to Securely Automate Android App Signing

To securely automate Android app signing:

  1. Create an Appdome account 
    • Sign up for a free Appdome account here.
  2. Add a Mobile App to Your Appdome Account
  3. Select the Signing Method
  4. Generate the Signing Script
    • Wait for Appdome to verify the signing parameters.
    • Click the Auto-DEV Sign Privately button.
    • Once the signing script generation is complete, click “Next” to move to the Deploy tab.
    • Download the automatic private signing script (sign. sh). This script embeds your unsigned app.
      Signing Script
      Auto Dev Private Signingbuild Details

How to Run the Auto-DEV Private Script:

To run the automatic private signing script, use the following command:

sign.sh --output <path_to_outputfile.apk or path_to_outputfile.aab> --keystore <path_to_keystore> --keystore_pass <keystore password> --key_pass <key password> --keystore_alias <key alias>

Note: In some environments, you may be required to grant executable permissions to the signing script (using chmod +x command).

Congratulations! You now have a signed app with Appdome’s Auto-DEV private signing script.

How Do I Learn More?

If you have any questions, please send them our way at support.appdome.com or via the chat window on the Appdome platform.

Related Articles

Thank you!

Thanks for visiting Appdome! Our mission is to secure every app on the planet by making mobile app security easy. We hope we’re living up to the mission with your project. 

Appdome

Want a Demo?

Automated Signing of Secured Mobile Apps

AlanWe're here to help
We'll get back to you in 24 hours to schedule your demo.