React Native and Expo: Android APK release build procedure
Last updated on 24 Nov 2025
For a clean APK release build
1) Delete android folder
2) npx expo prebuild --clean --platform android
3) npx expo-doctor
4) Copy the my-release-key.keystore file to android/app/my-release-key.keystore
To create the keystore file, see the section below: Creating Android release keystore file
5) Edit android/gradle.properties and add the following (changing the passwords suitably):
MYAPP_UPLOAD_STORE_FILE=my-release-key.keystore
MYAPP_UPLOAD_KEY_ALIAS=my-key-alias
MYAPP_UPLOAD_STORE_PASSWORD=your_keystore_password
MYAPP_UPLOAD_KEY_PASSWORD=your_key_password
----
6) Edit android/app/build.gradle
In the existing signingConfigs block, which should already have a debug block, add a release block:
signingConfigs {
    debug { ... }
    release {
        storeFile file(MYAPP_UPLOAD_STORE_FILE)
        storePassword MYAPP_UPLOAD_STORE_PASSWORD
        keyAlias MYAPP_UPLOAD_KEY_ALIAS
        keyPassword MYAPP_UPLOAD_KEY_PASSWORD
    }
}
In the buildTypes release block, delete the old signingConfig line and replace it with
signingConfig signingConfigs.release
as shown below:
buildTypes {
    release {
        signingConfig signingConfigs.release
        ...
    }
}
---------
As per CG, you do not need to add:
minifyEnabled false
shrinkResources false
because the existing build.gradle already handles these settings properly,
using Expo/React Native defaults.
OR
Near the bottom of the android { ... } section, add:
signingConfigs {
    release {
        storeFile file(MYAPP_UPLOAD_STORE_FILE)
        storePassword MYAPP_UPLOAD_STORE_PASSWORD
        keyAlias MYAPP_UPLOAD_KEY_ALIAS
        keyPassword MYAPP_UPLOAD_KEY_PASSWORD
    }
}
buildTypes {
    release {
        signingConfig signingConfigs.release
        minifyEnabled false
        shrinkResources false
        proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
    }
}
---------
7) cd android
8) .\gradlew.bat clean
9) $Env:CMAKE_VERSION = '3.31.6'
- The above is a workaround for (as per CG) "Path-length + CMake version bug on Windows". See post (search for quoted string).
10) .\gradlew.bat assembleRelease
On a successful build, the android\app\build\outputs\apk\release folder in the project will contain the release APK file: app-release.apk.
---------------------
Creating Android release keystore file
The command to run:
keytool -genkeypair -v -keystore my-release-key.keystore -alias my-key-alias -keyalg RSA -keysize 2048 -validity 10000
Output of above command and data I typically enter (password is hidden):
Enter keystore password:
Re-enter new password:
What is your first and last name?
[Unknown]: Ravi Iyer
What is the name of your organizational unit?
[Unknown]: Individual
What is the name of your organization?
[Unknown]: Ravi Iyer Software Solutions
What is the name of your City or Locality?
[Unknown]: Puttaparthi
What is the name of your State or Province?
[Unknown]: Andhra Pradesh
What is the two-letter country code for this unit?
[Unknown]: IN
Is CN=Ravi Iyer, OU=Individual, O=Ravi Iyer Software Solutions, L=Puttaparthi, ST=Andhra Pradesh, C=IN correct?
[no]: yes
Generating 2,048 bit RSA key pair and self-signed certificate (SHA256withRSA) with a validity of 10,000 days
for: CN=Ravi Iyer, OU=Individual, O=Ravi Iyer Software Solutions, L=Puttaparthi, ST=Andhra Pradesh, C=IN
[Storing my-release-key.keystore]
--------------------
To confirm that the release APK has my signature
C:\Users\{Username}\AppData\Local\Android\Sdk\build-tools\35.0.1\apksigner.bat verify --print-certs .\app-release.apk
Note: 35.0.1 is the installed SDK build-tools version number. This may be different in future.
The output of the above command should have:
Signer #1 certificate DN: CN=Ravi Iyer, OU=Individual, O=Individual, L=Puttaparthi, ST=Andhra Pradesh, C=IN
If the certificate has something like 'CN=Android Debug, O=Android, C=US' then a debug keystore has been used to sign the release APK. This signature results in the Google Play Protect scan option dialog appearing on APK install. Further, this debug signature would probably cause APK submissions to stores like uptodown.com to be rejected.
On the phone, the 'Apk Analyzer' app (author: Martin Styk) from the Google Play Store can be used to show the certificate details of any app. This can be used to confirm that the app installed from the release APK has my signature (and not Android Debug).
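The signer check above can be scripted so that a debug-signed release APK fails before it is distributed. The following Python script is an added example, not part of the original post: it parses the text printed by apksigner verify --print-certs and reports any signer that is the Android Debug certificate or whose CN differs from the expected one. The script name, function names and sample strings are assumptions; the samples are constructed from the two DNs quoted above.

```python
import re
import subprocess
import sys

# Matches the "Signer #N certificate DN:" lines shown in the post.
SIGNER_DN = re.compile(r"^Signer #(\d+) certificate DN:\s*(.+)$", re.MULTILINE)
DEBUG_CN = "Android Debug"  # subject CN of the debug keystore, as quoted in the post

# Constructed sample outputs, built from the two DNs quoted in the post.
SAMPLE_RELEASE = ("Signer #1 certificate DN: CN=Ravi Iyer, OU=Individual, "
                  "O=Individual, L=Puttaparthi, ST=Andhra Pradesh, C=IN\n")
SAMPLE_DEBUG = "Signer #1 certificate DN: CN=Android Debug, O=Android, C=US\r\n"


def signer_cns(output):
    """Map signer number -> certificate CN from apksigner --print-certs text."""
    cns = {}
    for num, dn in SIGNER_DN.findall(output):
        # Split the DN on commas that are not backslash-escaped.
        rdns = [p.strip() for p in re.split(r"(?<!\\),", dn)]
        cns[int(num)] = next((p[3:] for p in rdns if p.startswith("CN=")), None)
    return cns


def check_release_signature(output, expected_cn):
    """Return a list of problems; an empty list means the APK passes."""
    cns = signer_cns(output)
    if not cns:
        return ["no signer certificate found (unsigned APK or verification failed)"]
    problems = []
    for num, cn in sorted(cns.items()):
        if cn == DEBUG_CN:
            problems.append(f"signer #{num} is the Android debug certificate")
        elif cn != expected_cn:
            problems.append(f"signer #{num} has CN {cn!r}, expected {expected_cn!r}")
    return problems


if __name__ == "__main__":
    # Usage: python check_apk_signer.py <path to apksigner> <apk> <expected CN>
    tool, apk, expected = sys.argv[1:4]
    run = subprocess.run([tool, "verify", "--print-certs", apk],
                         capture_output=True, text=True)
    problems = check_release_signature(run.stdout, expected)
    if run.returncode != 0:
        problems.append(f"apksigner exited with status {run.returncode}")
    for p in problems:
        print("FAIL:", p)
    sys.exit(1 if problems else 0)
```

A DN is self-asserted text, so this catches the debug-keystore mistake described above rather than proving which key signed the APK. For that, compare the certificate SHA-256 digest line that --print-certs also prints against a recorded value.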