Am I supposed to generate a new keystore for every app?

Am I supposed to generate a new keystore for every app? Or am I supposed to have only one keystore and put it in every app I create?

Solution

YS Yeo wrote:

Am I supposed to generate a new keystore for every app? Or am I supposed to have only one keystore and put it in every app I create?

Hi,

yes, you can use the same keystore to sign multiple apks, without a problem. You can also use the same alias (each alias is a certificate) to sign multiple apks, and it will work. It has security implications, however. If your single alias is compromised, then all of your apps will have been compromised.

However, if you intend to sell the rights to your apps one day, then using the same alias for all of your apps may not be a good idea. However, using the same keystore, provided you use a different alias for each apk, may not necessarily be a bad option.

To make it very clear, a keystore is just that, a storage medium for keys. It plays no actual part in the process of signing an apk, but only serves to store the keys which are actually used to sign the apk.

Hope it Helps,

Thanks


Solution