Typically, Android APKs/ZIPs need to be signed so that Android can verify that nobody has modified the code before the APK/ZIP is installed. When you modify the contents of an APK/ZIP, you break the signature, so you have to re-sign it. You can do this with either ‘test keys’ or ‘private keys’.
While developing and testing, you should use test keys. This creates a random key based on a known password. Most ROM devs use test keys because it is much easier; however, there are dangers in doing this.
When the APK is ready for release, you should use private keys. This means that nobody else can impersonate your key (unless they know the password), so people can be sure that it is coming from you and that nobody has modified it. Private keys are much more secure; however, it is a bit harder to sign this way.
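Why modifying the contents breaks the signature, shown as an added example that is not part of the original page. It assumes the JAR-style (v1) layout, in which META-INF/MANIFEST.MF records a SHA-256 digest for every file, and it performs only the digest comparison, not the check of the signature over the manifest itself. The archive contents and function names are constructed for illustration.

```python
import base64, hashlib, io, zipfile

MANIFEST = "META-INF/MANIFEST.MF"

def build_manifest(files):
    """Create a v1-style manifest: one Name / SHA-256-Digest section per file."""
    out = ["Manifest-Version: 1.0", ""]
    for name, data in files.items():
        digest = base64.b64encode(hashlib.sha256(data).digest()).decode()
        out += [f"Name: {name}", f"SHA-256-Digest: {digest}", ""]
    return "\r\n".join(out).encode()

def make_archive(files, manifest):
    """Write the manifest and the files into an in-memory zip."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr(MANIFEST, manifest)
        for name, data in files.items():
            z.writestr(name, data)
    return buf.getvalue()

def parse_manifest(raw):
    """Return {entry name: base64 digest}, unfolding wrapped continuation lines."""
    text = raw.decode().replace("\r\n", "\n").replace("\n ", "")
    digests = {}
    for section in text.split("\n\n"):
        attrs = dict(l.split(": ", 1) for l in section.splitlines() if ": " in l)
        if "Name" in attrs and "SHA-256-Digest" in attrs:
            digests[attrs["Name"]] = attrs["SHA-256-Digest"]
    return digests

def check_archive(blob):
    """Compare each entry with the manifest; return (modified, unlisted, missing)."""
    with zipfile.ZipFile(io.BytesIO(blob)) as z:
        expected = parse_manifest(z.read(MANIFEST))
        names = [n for n in z.namelist() if not n.startswith("META-INF/")]
        modified = sorted(
            n for n in names if n in expected and
            base64.b64encode(hashlib.sha256(z.read(n)).digest()).decode() != expected[n])
    unlisted = sorted(set(names) - set(expected))
    missing = sorted(set(expected) - set(names))
    return modified, unlisted, missing

# Constructed sample contents standing in for an APK.
ORIGINAL = {"classes.dex": b"original code", "res/raw/config.txt": b"debug=false"}
SIGNED = make_archive(ORIGINAL, build_manifest(ORIGINAL))
# Same manifest, but one file changed and one file added after "signing".
TAMPERED = make_archive({**ORIGINAL, "classes.dex": b"patched code", "lib/extra.so": b"x"},
                        build_manifest(ORIGINAL))
```

An untouched archive yields three empty lists; the tampered one reports the changed file as modified and the added file as unlisted, which is why the archive has to be signed again after any edit.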
Sign with Test Keys
This is the easier method by far, and the best way to do it is to grab ZipSigner from the market, then put your APK on your SD card and tap ‘Choose In/Out’ in the app. Then leave ‘Key/Mode’ on auto, and tap ‘Sign the File’. Once this is complete, you should have a signed APK/ZIP on your SD card.
Sign with Private Keys
If you are using Eclipse with the ADT plugin set up correctly, you can use the Export wizard in Eclipse to create a private key and sign your app.
If you are on Windows, download OpenSSL and extract it somewhere on your hard drive, such as C:\signapk. Linux/Unix/Mac users do not need to do this.
- Now download SignAPK and extract it to C:\signapk (or /home/user/signapk for Linux)
- Put the APK/ZIP you want to sign in that folder too