Member-only story
Android apk signing: sign an unsigned apk using command line
The steps to build an unsigned apk and sign it with the help of jarsigner or apksigner. And why it is necessary to do so.

Building an apk (or app bundle) is almost the final step in Android development process. It could be done easily through Android Studio interface or with the help of a few command lines. People often sign the apk at the same time of building it by providing a signing config through the Generate Signed Bundle or APK popup or in build.gradle file. However, not all developers know that they can build an unsigned apk and manually sign it later.
But why? Why do we have to accomplish two single steps instead of doing all in one?
Well, there can be different reasons and it depends on the development process of each project.
- One of them is that, sometimes, a project is owned by client, and they want to be more proactive and secure on the product by holding essential parts that could be extracted away from the codes and manipulate these parts. Signing information is such a part in Android. With this feature, clients have the ability to create keystore, password by themselves and keep them safe on their own.
- However, clients do not often know about…