We are using maven to build our Android applications in Jenkins for testing and for publishing them to the Play Store. Recently I started to have problems with the Play Store saying that the APK files were not signed or not aligned so I upgraded the Android Maven plugin and adapted the pom.xml files. Finally I was able to submit the signed and aligned APK files again to the Play Store – everything fine again, at least I thought so.
An hour later I got the first mail from a user telling me that he hat troubles installing the update of the app from the Play Store. The error message said something about the certificate so I tried it myself and got the message
when trying to install the app on my device. I was confused because the app was signed, it contained the certificate information in the META-INF directory and the MANIFEST file and the Play Store validated it as signed.
Some research brought up this article about Android’s Problem with JDK7 and I remembered that I recently installed JDK7 on my MacBook. It turns out that there is a difference in JDK7 regarding signature algorithms and ant has a problem with it too. So to get APK files that are signed correct I had to configure the signature and digest algorithm the maven-jarsigner-plugin uses as described here:
<arguments> <argument>-sigalg</argument><argument>MD5withRSA</argument> <argument>-digestalg</argument><argument>SHA1</argument> </arguments>
Conclusion: Always test APK files after signing!