React Native and Expo: Android APK release build procedure
For a clean APK release build:
1. Delete the android folder
2. npx expo prebuild --clean --platform android
3. npx expo-doctor
4. Copy my-release-key.keystore file to android/app/my-release-key.keystore
5. Edit android/gradle.properties and add the following, replacing the placeholder passwords with your own:
MYAPP_UPLOAD_STORE_FILE=my-release-key.keystore
MYAPP_UPLOAD_KEY_ALIAS=my-key-alias
MYAPP_UPLOAD_STORE_PASSWORD=your_keystore_password
MYAPP_UPLOAD_KEY_PASSWORD=your_key_password
----
6. Edit android/app/build.gradle and, near the bottom of the android { ... } section, add:
    signingConfigs {
        release {
            storeFile file(MYAPP_UPLOAD_STORE_FILE)
            storePassword MYAPP_UPLOAD_STORE_PASSWORD
            keyAlias MYAPP_UPLOAD_KEY_ALIAS
            keyPassword MYAPP_UPLOAD_KEY_PASSWORD
        }
    }
    buildTypes {
        release {
            signingConfig signingConfigs.release
            minifyEnabled false
            shrinkResources false
            proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
        }
    }
---------
7. cd android
8. .\gradlew.bat clean
9. .\gradlew.bat assembleRelease
On a successful build, the android\app\build\outputs\apk\release folder in the project will contain the release APK file: app-release.apk.
To confirm that the release APK has my signature:
C:\Users\{Username}\AppData\Local\Android\Sdk\build-tools\35.0.1\apksigner.bat verify --print-certs .\app-release.apk
Note: 35.0.1 is the SDK build-tools version number. This may be different in future.
Output of the above command should include:
Signer #1 certificate DN: CN=Ravi Iyer, OU=Individual, O=Individual, L=Puttaparthi, ST=Andhra Pradesh, C=IN
If the certificate DN is something like 'CN=Android Debug, O=Android, C=US', then a debug keystore has been used to sign the release APK. This signature results in the Google Play Protect scan option dialog appearing on APK install. Further, this debug signature would probably cause APK submissions to stores like uptodown.com to be rejected.
On the phone, the 'Apk Analyzer' app (author Martin Styk) from the Google Play Store can be used to show the certificate details of any app. This can be used to confirm that the app installed from the release APK has my signature (and not Android Debug).
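The apksigner check above can be scripted so that a build signed with the debug keystore is caught without reading the output by eye. The following PowerShell is an added example, not part of the original procedure; the function name Test-ApkSigner, its parameters and its result strings are hypothetical, and the sample outputs are constructed from the two DNs quoted on this page.

```powershell
# Added example; Test-ApkSigner and its parameter names are hypothetical.
function Test-ApkSigner {
    param(
        [string[]] $ApksignerOutput,   # lines printed by `apksigner verify --print-certs`
        [string]   $ExpectedDN         # DN of your release certificate
    )
    # Collect every "Signer #N certificate DN: ..." value.
    $dns = @(foreach ($line in $ApksignerOutput) {
        if ($line -match '^Signer #\d+ certificate DN:\s*(.+?)\s*$') { $Matches[1] }
    })
    if ($dns.Count -eq 0) { return 'NO_SIGNER_FOUND' }
    # Any debug-keystore signer fails the check, whatever else is present.
    foreach ($dn in $dns) {
        if ($dn -match '(^|,\s*)CN=Android Debug(,|$)') { return 'DEBUG_KEYSTORE' }
    }
    # Every signer must be exactly the expected release certificate (case-sensitive).
    foreach ($dn in $dns) {
        if ($dn -cne $ExpectedDN) { return 'UNEXPECTED_SIGNER' }
    }
    return 'OK'
}

$expected = 'CN=Ravi Iyer, OU=Individual, O=Individual, L=Puttaparthi, ST=Andhra Pradesh, C=IN'

# Constructed sample outputs (DNs taken from this page; the digest is a placeholder).
$releaseOutput = @(
    "Signer #1 certificate DN: $expected",
    'Signer #1 certificate SHA-256 digest: <constructed-placeholder>'
)
$debugOutput = @(
    'Signer #1 certificate DN: CN=Android Debug, O=Android, C=US',
    'Signer #1 certificate SHA-256 digest: <constructed-placeholder>'
)

"release sample : $(Test-ApkSigner -ApksignerOutput $releaseOutput -ExpectedDN $expected)"
"debug sample   : $(Test-ApkSigner -ApksignerOutput $debugOutput -ExpectedDN $expected)"
"empty output   : $(Test-ApkSigner -ApksignerOutput @() -ExpectedDN $expected)"

# Against a real build (path as on this page; the build-tools version folder varies):
# $out = & "$env:LOCALAPPDATA\Android\Sdk\build-tools\35.0.1\apksigner.bat" verify --print-certs .\app-release.apk
# Test-ApkSigner -ApksignerOutput $out -ExpectedDN $expected
```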