This article describes how to prepare a Blue Cedar-secured app for distribution via Google Play; you do not need this information if you plan to deliver secured apps only via enterprise app catalogs.
When you’re ready to make your Android app available to users, prepare the APK with basic code cleanup and optimization, building and signing with your release key, and final testing. See the Android developers checklist for complete details. This article describes how to sign your Blue Cedar-secured app appropriately.
Choosing the signing method
Only Blue Cedar Enterprise (on-premises) users need to choose a signing method.
Blue Cedar Enterprise (hosted) and Blue Cedar Enforce support external signing only and can skip this section.
To set the default signing method:
- In the Policy Console, click Settings > Android.
- Under Code Signing Type, select Sign Externally.
To set the signing method for a specific app:
- In the Policy Console, click Apps > Android > desired app.
- Under App Signing > Code Signing, select Sign Externally.
Adding your app store key
In order to submit your app to Google Play you need to sign the app with an approved release key.
To do this, apply a signing profile that includes the appropriate Android keystore details. See Using and configuring signing profiles for details.
If the app was delivered via Google Play before adding Blue Cedar security, be sure to use the same key that was originally used for the app.
Securing the app for external signing
With Sign Externally set:
- Select and apply policies as described in the policy console documentation .
- After securing the app, click Export for Signing to download a zip file that includes a copy of the secured app and signing components.
Once your keystore is ready with your release key, in the directory with the extracted files, run the script:
$ cd exported-com.qwe.myapp $ sh sign.sh
After the shell script finishes executing, it produces a secured app suitable for upload to Google Play through Google's standard app process.