From the signing documentation at https://developer.android.com/studio/publish/index.html:

When the system is installing an update to an application, if any of the certificates in the new version match any of the certificates in the old version, then the system allows the update.

This indicates that an application can be signed with multiple certificates.

This is an interesting option to allow multiple entities to sign an application, e.g. a system application which was initially signed by the device's manufacturer. Further updates could be signed by the developer.

Am I misreading the documentation or is this really possible? If so, how?

Is there any other way for an application to support different certificates and, with that, have two or more entities sign it?

    "A system application which was initially signed by the device's manufacturer. Further updates could be signed by the developer." -- that specifically is not possible. An "update" implies a change, and so the APK would need to be resigned by the manufacturer. – CommonsWare Apr 21 '10 at 11:18
  • Are you saying that it is not possible to have more than one certificate for a given apk? Maybe my example was not complete, I should have written: "A system application which has two certificates and was initially signed by the device's manufacturer. Further updates could be signed by the developer, with the use of the second certificate." I think this goes contrary to the documentation, or does it? –  Apr 21 '10 at 13:07
  • According to [the official documentation](http://developer.android.com/tools/publishing/app-signing.html#signing-manually): _Note that you can sign an APK multiple times with different keys_. – Stan Jun 23 '15 at 09:36

2 Answers

I found a solution for this, not that pretty but a solution nonetheless.

A signed apk file consists of:

  • Files signed with a given certificate
  • A META-INF folder with the public certificate key

To have an apk with multiple certificates:

  • Each party signs the apk
  • The META-INF contents of each apk are collected
  • A new apk (this is just a zip file) is created, and its META-INF folder contains all the certificates

This will allow any of the signing parties to update the apk.

One note: there is no possibility of adding certificates in an update.

  • How did you do that? Could you please explain this a little bit further? I thought that changing the content of the apk and repacking it should change the resulting file and make the prior signing attempts useless? – Janusz Mar 08 '11 at 11:59
  • Hey - *bump* - my assumption would be with @Janusz, how would you add the new signatures without affecting the signature of the whole bundle. Is META-INF excluded from the signature calculation? – Chris Maddern Aug 08 '12 at 13:52
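As an added illustration of the question raised in the comments above (this is not code from either answer; it only models the v1/JAR digest chain, and the `.RSA` PKCS#7 signature block is a constructed placeholder that is not verified): merging both signers' META-INF entries keeps every signer valid because META-INF files are excluded from the manifest digests, while changing any payload file invalidates all of them.

```python
import base64
import hashlib
import io
import re
import zipfile

# Simplified model of the v1 (JAR) scheme: MANIFEST.MF lists a digest of every
# non-META-INF entry, each signer's <ALIAS>.SF carries a digest of that manifest,
# and <ALIAS>.RSA holds the PKCS#7 signature over the .SF (placeholder here).
# META-INF files are never digested, so a second signer's files can be added.

def _digest(data: bytes) -> str:
    return base64.b64encode(hashlib.sha256(data).digest()).decode()

def build_manifest(entries: dict) -> bytes:
    lines = ["Manifest-Version: 1.0", ""]
    for name, data in entries.items():
        lines += [f"Name: {name}", f"SHA-256-Digest: {_digest(data)}", ""]
    return "\r\n".join(lines).encode() + b"\r\n"

def sign_v1(entries: dict, alias: str) -> dict:
    # META-INF files contributed by one signer (manifest, .SF, .RSA placeholder)
    manifest = build_manifest(entries)
    sf = f"Signature-Version: 1.0\r\nSHA-256-Digest-Manifest: {_digest(manifest)}\r\n\r\n"
    return {"META-INF/MANIFEST.MF": manifest, f"META-INF/{alias}.SF": sf.encode(),
            f"META-INF/{alias}.RSA": b"<constructed PKCS#7 placeholder>"}

def pack(entries: dict, meta_inf: dict) -> bytes:
    buf = io.BytesIO()  # an APK is a plain zip: payload entries plus merged META-INF
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in {**entries, **meta_inf}.items():
            z.writestr(name, data)
    return buf.getvalue()

def verify_v1_digests(apk: bytes) -> list:
    # Aliases whose .SF matches the manifest; [] if any payload digest is wrong
    with zipfile.ZipFile(io.BytesIO(apk)) as z:
        files = {n: z.read(n) for n in z.namelist()}
    manifest = files["META-INF/MANIFEST.MF"].decode()
    listed = dict(re.findall(r"Name: (.+?)\r\nSHA-256-Digest: (.+?)\r\n", manifest))
    payload = {n: _digest(d) for n, d in files.items() if not n.startswith("META-INF/")}
    if listed != payload:            # a modified or added file breaks every signer
        return []
    want = f"SHA-256-Digest-Manifest: {_digest(manifest.encode())}"
    return sorted(m.group(1) for n, d in files.items()
                  if (m := re.fullmatch(r"META-INF/(.+)\.SF", n)) and want in d.decode())

def demo() -> tuple:
    entries = {"AndroidManifest.xml": b"<manifest/>", "classes.dex": b"dex bytes (constructed)"}
    merged = {**sign_v1(entries, "VENDOR"), **sign_v1(entries, "DEVELOPER")}
    good = pack(entries, merged)                                   # the answer's merge step
    tampered = pack({**entries, "classes.dex": b"patched"}, merged)
    return verify_v1_digests(good), verify_v1_digests(tampered)
```

Running `demo()` returns `(['DEVELOPER', 'VENDOR'], [])`: both signers survive the merge, and a single changed payload byte invalidates both.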
You can sign apks with different certificates if you use a different alias in the signing process.

This will create different files inside of the META-INF folder. I don't know what the implications are for the update process inside the Android Market.

  • I believe your answer is the way to go. Mine was a hack. From the tests I made, the META-INF isn't taken into account when signing the apks. This ended up not being released, but I did test on real devices — the installation of the changed apk, that is. –  Jun 03 '11 at 21:26