Signed Theme APKs
You can export signed APK files directly from the Theme Creator program. APK files must be signed for you to be able to publish them on Google Play. You will need a key, plus a keystore, to sign your Theme APK. Key and keystore topics are discussed in further detail below.
Important: Keys are impossible to recover if you lose them. If you lose them, you will not be able to update your themes on Google Play anymore. Always keep your keys (and keystores) copied to multiple (safe) locations, and make sure that you don’t forget your password to either the keystore or key.
A keystore is where you keep your keys. Think of it as a cabinet where you put your keys when you aren’t using them. These cabinets (in real life) sometimes have a lock on them, and the same is true for keystores. The lock in this case is a password. You must know the keystore password in order to access the keys inside it.
You don’t sign any applications with the keystore itself, but you use the keys inside it.
A key is something used to sign the actual theme APK. You use it to give the APK a signature (almost like a fingerprint) that only the key holder is able to produce. This is how phones verify that a theme update comes from the actual developer and not a malicious third party.
Android is very strict when it comes to handling updates. An update of an application must be signed with the same key as the previous version. Therefore it is absolutely vital that you don’t lose your keystore or forget its password.
As with keystores, keys cannot be used unless you know their passwords.
How to export a signed APK from Theme Creator
To export a signed APK from Theme Creator, click the menu “Build” -> “Export Signed APK”. Before actually exporting an APK, you will need to import or create a key.
Import a key
If you or your company has already published apps, you probably already have signing keys, which you can import into the Theme Creator. Do this by using the “Add key from file” option.
Create a key
Creating a key consists of two main tasks:
- Decide what keystore you want to put the key in.
You can use an existing keystore, or you can create a new one.
If you or your company already has a keystore, then it might be easier to simply insert your new key into that keystore rather than having a separate keystore for it.
If you create a new keystore, then you must give it a password of at least 6 characters. We recommend a longer password longer than 6 characters, and use a combination of letters, numbers and special characters to make the password more secure.
- Decide attributes for the key.
The “key alias” is the name that you use when referencing the key inside the keystore. This isn’t visible to any end users, so just chose something that works for you.
There are multiple identifying attributes you can add that are visible to the end users. Only one is required: common name. Here you normally put your website or your name if you don’t have a website. When signing the theme, this information is added to the APK file and end users will be able to read it. To make your key more personal you can add the other fields such as “Organization Unit” and “Organization Name” as well, but they are optional.
Export the signed APK
Finally, when you have either imported or created a key, you can sign the APK. Your key alias should now be visible in the pop-up window that appeared when you clicked “Export Signed APK”. Click it to confirm that this is the key you want to sign with. You will be prompted for the password for the key and keystore. If they were correct, then you will be asked where to export to and then the build will start. The produced APK file is signed and ready for distribution on Google Play.
Important note: For security reasons, the Theme Creator never stores your key passwords anywhere. We only store the location of the keystore and the alias inside it. The key data is temporarily held in memory while the theme is being built, and then it is immediately discarded.
For more information on what signing keys are and how to use them, we recommend reading Android’s official signing documentation.