HomeFeaturesGuidesGetting StartedPricingDictionariesBlogFeedback
App Signing

Android App Signing Guide: APK Signatures, Zipalign, and Verification

Understand Android APK signing schemes, zipalign, keystore handling, signature verification, and how ADB Pro simplifies signing inside JetBrains IDEs.

8 min read

Android app signing proves that an APK or generated split APKs come from the expected developer key. A release workflow should zipalign the artifact, sign it with the correct scheme and keystore, and verify the signature before distribution.

Signing Concepts

Android supports multiple APK signature schemes. V1 provides legacy JAR signing compatibility. V2 and V3 protect more of the APK structure and are required for modern distribution expectations. The right combination depends on your minimum Android version and release channel.

For Play Store releases, signing may involve both your upload key and Google Play App Signing. For direct distribution, your release keystore remains the key identity users depend on for updates.

Manual Workflow

  1. Build an unsigned or release-ready APK.
  2. Run zipalign before signing when needed.
  3. Sign with apksigner using the release keystore and alias.
  4. Enable the signature schemes required by your target devices.
  5. Verify the final APK with apksigner verify --verbose --print-certs.
  6. Install the signed artifact on a test device before distribution.

Checks Before Publishing

CheckToolWhy
Zip alignmentzipalign -cConfirms optimized APK alignment.
Signature schemesapksigner verifyConfirms expected v1/v2/v3 coverage.
Certificate fingerprintapksigner --print-certsConfirms the correct key signed the artifact.
Install testadb installCatches install-time signing or compatibility problems.

Common Mistakes

How ADB Pro Helps

Signing Tools provides APK signing, zipalign, signature verification, keystore management, and favorite signing configurations from the IDE. AAB Tools uses signing configuration during AAB-to-APKS workflows, and Release Readiness checks signing status before release.

FAQ

Should I use v1, v2, or v3 signatures?

Modern releases normally use v2 and often v3, while v1 is kept only when legacy device compatibility is required.

Is zipalign still necessary?

Yes. It remains part of a clean release workflow and should happen before final signing.

Can I store passwords in Gradle files?

Avoid plain-text secrets in source files. Use secure credential storage, environment variables, or IDE password storage where appropriate.

Related Guides

Handle This Workflow Faster with ADB Pro

Run Android release checks, signing, AAB handling, R8 rules, and resource obfuscation without leaving your JetBrains IDE.

View PricingStart Free Trial