Before uploading your Android app to Google Play Store, you need to sign your app. When publishing your app to Google Play for the first time, you must also configure Play App Signing. However, for that, you need to generate the signing keys for your Android app.
Android requires that all apps be digitally signed with a certificate before they can be installed. Android uses this certificate to identify the author of an app, and the certificate does not need to be signed by a certificate authority. Android apps often use self-signed certificates.
The basis of protecting your Android app is a generated certificate and digital key, which together provide a unique, encrypted, and reasonably un-hackable signature. This proves that the app came from you, not some other suspicious source.
This is done via a Keystore. The Keystore is a simple file with a really large block of encrypted data. This file can be stored anywhere on your computer, and this is generally the first problem that developers encounter.
Keystore files are also protected by a pair of passwords:
While these passwords should ideally be unique, most developers use the same password for both.
You can generate a keystore by using Android Studio. To do so, follow the steps mentioned below:
.jks extension.
After generating the signing keys, you need to sign your app with the generated keys. To do that, you need to build the Android app using the signing keys. For more information about the signing keys, go to the Android Developers site.
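As an added example (not part of the original page), the script below creates a `.jks` keystore from the command line with the JDK's `keytool` instead of Android Studio, and refuses to proceed when the keystore password and the key password are the same. The function names, the `STORE_PASS` and `KEY_PASS` environment variables, the file name, the alias and the distinguished name are all placeholders chosen for this example.

```shell
#!/usr/bin/env bash
# Added example: create a .jks keystore with keytool (ships with the JDK).
# File name, alias and distinguished name are placeholders, not values from the page.

# Fail unless both passwords are long enough for keytool (6+ chars) and differ.
check_passwords() {
  local store="$1" key="$2"
  [ "${#store}" -ge 6 ] && [ "${#key}" -ge 6 ] ||
    { echo "passwords need at least 6 characters" >&2; return 1; }
  [ "$store" != "$key" ] ||
    { echo "keystore and key passwords must differ" >&2; return 1; }
}

# generate_keystore FILE ALIAS
# Passwords come from STORE_PASS and KEY_PASS so they stay out of argv and history.
generate_keystore() {
  local file="$1" alias_name="$2"
  check_passwords "${STORE_PASS:-}" "${KEY_PASS:-}" || return 1
  # Never overwrite: replacing an existing key means updates can no longer be signed.
  [ ! -e "$file" ] || { echo "$file exists, refusing to overwrite" >&2; return 1; }
  command -v keytool >/dev/null || { echo "keytool not found (install a JDK)" >&2; return 1; }
  export STORE_PASS KEY_PASS   # keytool's :env modifier reads exported variables
  (
    umask 077   # keystore file readable by its owner only
    # JKS keeps a separate key password; a PKCS12 store would ignore -keypass.
    keytool -genkeypair -storetype JKS -keystore "$file" -alias "$alias_name" \
      -keyalg RSA -keysize 2048 -validity 10000 \
      -dname "CN=Example Developer, O=Example, C=US" \
      -storepass:env STORE_PASS -keypass:env KEY_PASS
  )
}

# Print the self-signed certificate (owner, validity, fingerprints) for ALIAS.
show_certificate() {
  keytool -list -v -keystore "$1" -alias "$2" -storepass:env STORE_PASS
}

# Runs only when called with two arguments, e.g.:
#   STORE_PASS=... KEY_PASS=... ./make-keystore.sh release.jks upload
if [ "$#" -eq 2 ]; then
  generate_keystore "$1" "$2" && show_certificate "$1" "$2"
fi
```

Record the fingerprint that `show_certificate` prints and back up the keystore file and both passwords separately.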