App signing certificate

The Native library protects its JNI interface and allows Native methods to be called through the SDK only from known applications. It does this by checking whether the APK signing certificate matches the one embedded in the Native library. The Native library contains a different embedded certificate for every client. The APK signing certificate (META-INF/CERT.RSA, without the trailing signature) is embedded in the Native library when the Native code is compiled.

If Google Play App Signing is used, the APK signing certificate is located at META-INF/GOOGLEPLAY.RSA.

Signing APK and exporting signing certificate

1. Build an unsigned APK.

$ gradle assembleRelease


2. Align the unsigned APK using zipalign.

$ zipalign -v -p 4 app-unsigned.apk app-unsigned-aligned.apk


3. Sign the APK with the private key using apksigner.

$ apksigner sign --ks <KEYSTORE.jks> --ks-key-alias <ALIAS> --out app-release.apk app-unsigned-aligned.apk


4. Export the CERT.RSA or GOOGPLAY.RSA.

$ cp app-release.apk app-release.zip
$ unzip app-release.zip -d app-release
$ cp app-release/META-INF/<NAME>.RSA ./<NAME>.RSA
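
The exported <NAME>.RSA file is a PKCS#7 SignedData block in which the signing certificate is followed by the signer's signature data. The Python code below is an added example, not part of the SDK or its Native library: it walks the DER structure and fingerprints only the certificate, showing that the fingerprint does not depend on the trailing signature. The function names and the sample block (with a stand-in certificate) are constructed for illustration.

```python
import hashlib
SIGNED_DATA_OID = bytes.fromhex("2a864886f70d010702")  # 1.2.840.113549.1.7.2

def read_tlv(buf, pos):
    """Parse one DER element at pos; return (tag, value_start, value_end)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if not 1 <= n <= 4:
            raise ValueError("unsupported DER length encoding")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("DER element runs past end of input")
    return tag, pos, pos + length

def children(buf, start, end):
    """Yield (tag, element_start, value_start, value_end) for each child element."""
    while start < end:
        tag, vs, ve = read_tlv(buf, start)
        yield tag, start, vs, ve
        start = ve

def signer_cert_sha256(block):
    """SHA-256 of the first certificate in a PKCS#7 SignedData block (*.RSA)."""
    tag, vs, ve = read_tlv(block, 0)                # ContentInfo SEQUENCE
    outer = list(children(block, vs, ve))
    if tag != 0x30 or len(outer) != 2 or block[outer[0][2]:outer[0][3]] != SIGNED_DATA_OID:
        raise ValueError("not a PKCS#7 SignedData block")
    tag, vs, ve = read_tlv(block, outer[1][2])      # SignedData SEQUENCE inside [0]
    for tag, _, cs, ce in children(block, vs, ve):
        if tag == 0xA0 and cs < ce:                 # certificates [0] IMPLICIT
            _, _, cert_end = read_tlv(block, cs)    # first certificate element
            return hashlib.sha256(block[cs:cert_end]).hexdigest()
    raise ValueError("no certificate in SignedData")

def der(tag, body):  # DER encoder, used only to build the constructed sample
    n = len(body)
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    head = bytes([n]) if n < 0x80 else bytes([0x80 | len(size)]) + size
    return bytes([tag]) + head + body

def sample_block(cert, signer_infos):  # version, digest algs, content, certs, signerInfos
    signed = der(0x02, b"\x01") + der(0x31, b"") + der(0x30, der(0x06, bytes.fromhex("2a864886f70d010701")))
    signed += der(0xA0, cert) + der(0x31, signer_infos)
    return der(0x30, der(0x06, SIGNED_DATA_OID) + der(0xA0, der(0x30, signed)))

FAKE_CERT = der(0x30, b"\x5a" * 300)  # constructed stand-in, not a real X.509 certificate
```

For a real file, pass `open("CERT.RSA", "rb").read()`; the result should equal the certificate SHA-256 digest that `apksigner verify --print-certs app-release.apk` reports.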