Signing Android binaries in Cordova

This is based primarily on the official Cordova Docs, with other sources indicated as applicable. Using this approach, you will need to add the signing files to source control. If this is not desirable, you can take advantage of Nevercode's environment variables instead.

There are two different ways you can sign APKs with Cordova - using Gradle or build.json. The first step is the same in both cases:

Step 1.

To sign Android APKs, you need to generate a keystore. This can be done via Android Studio or, more simply, with the keytool command line utility. Following this Stack Overflow example, run this command in the root folder of your project:

keytool -genkey -v -keystore release.keystore -alias app_release -keyalg RSA -keysize 2048 -validity 10000

Follow the prompts to generate passwords and enter your data, such as name, company & location. When done, you will have a release.keystore file in the root folder.

Option 1 - using Gradle:

Step 2.

Generate a .properties file. In the root folder of your project, create release-signing.properties with the following contents:

storeFile=release.keystore
storePassword=123456
storeType=jks
keyAlias=app_release
keyPassword=123456

where

  • "storeFile" is the name of the keystore file from step 1
  • "storePassword" is the password of the keystore file specified in step 1
  • "keyAlias" is the value of the -alias flag passed to the keytool command in step 1
  • "keyPassword" is the key password specified in step 1, by default the same as "storePassword"

Step 3.

The file release-signing.properties needs to be referenced by the cdvReleaseSigningPropertiesFile Gradle property. Gradle will treat your Cordova project's /platforms/android/ subfolder as root, so the file must be referenced relative to that. According to the Cordova docs, one way to do this is by setting the environment variable ORG_GRADLE_PROJECT_cdvReleaseSigningPropertiesFile. Locally, this can be done via:

export ORG_GRADLE_PROJECT_cdvReleaseSigningPropertiesFile=../../release-signing.properties

In Nevercode, navigate to the Environment section of your project settings and create the following environment variable:

ORG_GRADLE_PROJECT_cdvReleaseSigningPropertiesFile=../../release-signing.properties
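The introduction mentions environment variables as the alternative to committing the signing files. As an added example (not taken from the Cordova docs or from Nevercode), the shell function below writes the Option 1 release-signing.properties at build time from secret environment variables. The SIGNING_* variable names and both function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example: generate release-signing.properties from environment
# variables at build time, so the passwords are not kept in source control.
# The SIGNING_* names are hypothetical; define them as secrets in your CI.
# Usage in a pre-build step: write_signing_properties release-signing.properties

nl='
'

# Reject empty values, and values the .properties syntax would alter:
# a backslash is an escape character and a newline would start a new key.
check_value() {  # $1 = variable name (for the message), $2 = value
    if [ -z "$2" ]; then
        echo "error: $1 is not set" >&2
        return 1
    fi
    case "$2" in
        *\\*|*"$nl"*)
            echo "error: $1 contains a backslash or newline" >&2
            return 1 ;;
    esac
}

write_signing_properties() {
    out="${1:-release-signing.properties}"
    # Same defaults as step 2: jks store, key password = store password.
    store_type="${SIGNING_STORE_TYPE:-jks}"
    key_password="${SIGNING_KEY_PASSWORD:-${SIGNING_STORE_PASSWORD:-}}"

    check_value SIGNING_STORE_FILE "${SIGNING_STORE_FILE:-}" || return 1
    check_value SIGNING_STORE_PASSWORD "${SIGNING_STORE_PASSWORD:-}" || return 1
    check_value SIGNING_KEY_ALIAS "${SIGNING_KEY_ALIAS:-}" || return 1
    check_value SIGNING_KEY_PASSWORD "$key_password" || return 1

    # Recreate the file under a restrictive umask so it is owner-only (0600).
    rm -f "$out"
    ( umask 077
      printf '%s\n' \
          "storeFile=$SIGNING_STORE_FILE" \
          "storePassword=$SIGNING_STORE_PASSWORD" \
          "storeType=$store_type" \
          "keyAlias=$SIGNING_KEY_ALIAS" \
          "keyPassword=$key_password" > "$out" )
}
```

The keystore file itself still has to be present at the storeFile path when the build runs.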

Option 2 - using build.json:

Step 2.

In the root folder of your project, create a build.json file with the following settings for the Android build step:

{
  "android": {
    "release": {
      "keystore": "release.keystore",
      "storePassword": "123456",
      "alias": "app_release",
      "password" : "123456",
      "keystoreType": ""
    }
  }
}

where

  • "keystore" is the name of the keystore file from step 1
  • "storePassword" is the keystore password specified in step 1
  • "alias" is the value of the -alias flag passed to keytool in step 1
  • "password" is the key password specified in step 1, by default the same as the keystore password

Commit and push all the changes.

Your next build with the release configuration will now produce a signed android-release.apk that can be published to Google Play. If you wish to sign your debug builds, follow all the steps above, substituting "debug" for "release" as appropriate and setting the environment variable ORG_GRADLE_PROJECT_cdvDebugSigningPropertiesFile if using Gradle properties.
