All Android Applications Must Be Digitally Signed
All Android applications must be signed before they are allowed to be deployed onto a device (or emulator). Unlike other mobile platforms, you need not purchase digital certificates from a certificate authority (CA). Instead, you can generate your own personal certificate and use it to sign your Android applications.
When you use Eclipse to develop your Android application and then press F11 to deploy it to an emulator, Eclipse automatically signs it for you. To verify this, first go to Windows > Preferences in Eclipse, then expand the Android item, and select Build (see Figure ). Eclipse uses a default debug keystore (debug.keystore) to sign your application.
Signing an Application Manually
If you are publishing an Android application, you must sign it with your own certificate. Applications signed with the debug certificates cannot be published. To sign your application manually, you need to perform the following steps:
  
- Compile your application in release signing mode. To do so in Eclipse, right-click on the package name and select Android Tools > Export Unsigned Application Package…
- You will then be asked to select a directory for exporting the application (an Android package has the .apk extension). For convenience, I have exported the Android package to C:\Program Files\Java\jdk1.6.0_10\bin\. You will understand why this is so shortly. (Note that I am using JDK 1.6.10; you might have some other version on your computer and hence the folder name may vary a little.)
- If you wish to sign your application using the debug keystore, copy the Debug.keystore file from C:\Documents and Settings\\Local Settings\Application Data\Android\ to C:\Program Files\Java\jdk1.6.0_10\bin\. 
- Use the jarsigner.exe tool (comes with your JDK) located in C:\Program Files\Java\jdk1.6.0_10\bin\ to sign the .apk file with the specified keystore:
    jarsigner -verbose -keystore debug.keystore MyKillerApp.apk androiddebugkey
- When prompted for the password for the keystore, use the default password: android. The jarsigner.exe tool takes in the following options:
  - -keystore: This is the name of the keystore containing your private key.
  - -verbose: This enables verbose output.
- To verify that the application is signed correctly, you can use the -verify option with jarsigner.exe. You can also use the -certs option to view the details of the certificate used to sign the application.
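The verification step above can be turned into a pre-publication check that rejects unsigned or debug-signed packages. The following is an added example, not code from the original article: the function names are hypothetical, the sample output is constructed, and it assumes the debug certificate carries the subject CN=Android Debug, O=Android, C=US and that jarsigner is on the PATH.

```python
import re
import subprocess

# Assumed subject of the certificate the Android tools generate for debug.keystore.
DEBUG_SUBJECT = {"CN": "Android Debug", "O": "Android", "C": "US"}

def signer_subjects(output):
    """Return the distinct signer subjects listed by jarsigner -verify -verbose -certs."""
    subjects = []
    for line in output.splitlines():
        m = re.match(r"\s*X\.509,\s*(.+)$", line)
        if m and m.group(1).strip() not in subjects:
            subjects.append(m.group(1).strip())
    return subjects

def parse_dn(dn):
    """Split a simple distinguished name such as 'CN=a, O=b' into a dict."""
    parts = (p.split("=", 1) for p in dn.split(",") if "=" in p)
    return {k.strip().upper(): v.strip() for k, v in parts}

def release_verdict(output):
    """Classify jarsigner output as 'unsigned', 'invalid', 'debug-signed' or 'ok'."""
    if "jar is unsigned" in output:
        return "unsigned"
    if "jar verified" not in output:
        return "invalid"          # verification failed or jarsigner reported an error
    subjects = signer_subjects(output)
    if not subjects:
        return "invalid"          # verified, but no signer certificate was listed
    if any(parse_dn(s) == DEBUG_SUBJECT for s in subjects):
        return "debug-signed"     # signed with the debug keystore: not publishable
    return "ok"

def check_apk(apk_path):
    """Run jarsigner against an .apk file and classify the result."""
    proc = subprocess.run(["jarsigner", "-verify", "-verbose", "-certs", apk_path],
                          capture_output=True, text=True)
    return release_verdict(proc.stdout + proc.stderr)

# Constructed sample, modelled on jarsigner output for a debug-signed package.
SAMPLE_DEBUG = """\
sm      1512 Mon Jan 05 10:00:00 GMT 2009 AndroidManifest.xml

      X.509, CN=Android Debug, O=Android, C=US
      [certificate is valid from 1/5/09 10:00 AM to 1/5/10 10:00 AM]

jar verified.
"""
```

Call check_apk("MyKillerApp.apk") from a build script and stop the release unless it returns "ok".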


