Tuesday, February 9, 2016

How to sign an Android APK with Cordova 6.x & Gradle

Recently I received a warning email from the Google Play Store about a security vulnerability in the old Apache Cordova Platform 4.0.x.

I am in the process of updating my old test Cordova Android App from 4.x to the latest Apache Cordova version.

One of the hurdles I have is signing of the APK with the newer Cordova Platform.

Since Apache Cordova v5.0, they have changed the build-automation system from Apache Ant to Gradle. What used to work with the ant.properties file no longer works with the new system.

After some Googling I found my answer. Under the usual platforms/android folder, create a file called release-signing.properties (for a release build; use debug-signing.properties for a debug build). In the file, add the following lines:

# e.g. ../../MyKeyStore/myKeyRepository.keystore
storeFile=<path-to-your-key-store>
# e.g. myAppKey
keyAlias=<key-alias-name>

Now just run the cordova build --release command, and it will prompt you for the KeyStore Password & Key Password. Once built, it will automatically sign the APK.
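A pre-build check for this signing file, as an added example (not Cordova's code and not from the original post). It assumes a simplified properties parser, the hypothetical function names below, and that storePassword and keyPassword are the optional password keys cordova-android accepts in the same file. In a Java properties file only a whole line starting with # or ! is a comment, so a trailing note on a key line becomes part of the value.

```python
import os
import re
import stat

REQUIRED = ("storeFile", "keyAlias")        # keys used in the post
SECRETS = ("storePassword", "keyPassword")  # assumed optional cordova-android keys

def parse_properties(text):
    """Simplified .properties parser: key=value; only whole lines starting with # or ! are comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and line[0] not in "#!":
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def lint_signing_properties(text, base_dir):
    """Return findings for a signing file located in base_dir (empty list = clean)."""
    props = parse_properties(text)
    findings = [f"{k}: missing" for k in REQUIRED if k not in props]
    for key, value in props.items():
        if key in SECRETS:
            findings.append(f"{key}: plaintext secret in file; remove it and let the build prompt")
        elif re.search(r"\s(//|#)", value):
            findings.append(f"{key}: inline comment is read as part of the value")
        elif re.match(r"<[^>]*>$", value):
            findings.append(f"{key}: placeholder not replaced")
    store = props.get("storeFile")
    if store and not any(f.startswith("storeFile:") for f in findings):
        # storeFile is resolved relative to the folder holding the properties file
        path = os.path.normpath(os.path.join(base_dir, store))
        if not os.path.isfile(path):
            findings.append(f"storeFile: no keystore at {path}")
        elif os.name == "posix" and os.stat(path).st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append("storeFile: keystore is accessible to group/others; chmod 600")
    return findings

# Constructed sample: the two keys written with a trailing // note, plus a stored password.
SAMPLE = (
    "storeFile=../../MyKeyStore/myKeyRepository.keystore // my keystore\n"
    "keyAlias=myAppKey\n"
    "keyPassword=example-only\n"
)

if __name__ == "__main__":
    for finding in lint_signing_properties(SAMPLE, os.path.join("platforms", "android")):
        print(finding)
```

Running it before cordova build --release catches a malformed value or a password left in the file before the keystore is ever opened.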

Aside: KeyStore is a tool in the Java Development Platform that allows developers to sign their applications. Google requires all apps published to the Google Play Store to be signed. To create a signing key and keystore, open a command prompt whose PATH includes the Java JDK bin folder and run:

keytool.exe -genkey -v -keystore <your-key-store-name>.keystore -alias <key-alias-name> -keyalg RSA -keysize 2048 -validity 10000

It will prompt you to set up the Keystore password, Key password, and some basic author information including your name, company, and location. Once completed, it will create the keystore file you can use for signing your APK package.
