1

We are about to release our app to production, but there is one problem. I have signed the APK for closed beta testing with a relatively easy-to-remember password, and now I have to use the same password for production.

I initially thought that when we release to production I would have to sign the APK with another password/key. What should I do now? Should I tell the owners to unpublish this listing and create a new one with another package name so I can then sign it with a more secure password?

Or, since the keystore is safe, we shouldn't really care about the password?

vicolored

1 Answer

2

Your application is signed with a digital certificate (a combination of private/public keys).

The keystore, as its name implies, is safe storage (a box) for that certificate, and the password is actually the password for the storage (box) itself. It prevents unauthorized usage of your certificate (if someone can gain access to it, on your computer or wherever you have stored your backup copies of it).

This password is not in any other way related to the certificate, and its value has no influence on the end result: the signed APK.

So you don't have to worry about releasing the APK using your same simple keystore password.

Also, you can change that password at any time you wish without changing your certificate: change keystore password

Dalija Prasnikar
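The claim in the answer above can be checked with `keytool`; this is an added example, not part of the original answer. The keystore file, the alias `demo` and both passwords are constructed throwaway values, and the script compares the certificate's SHA-256 fingerprint before and after `-storepasswd`.

```shell
#!/bin/sh
# Added example: throwaway keystore, alias and passwords (constructed, not release values).
# Passwords on the command line are visible in the process list; acceptable only
# for this demo. For a real keystore, omit -storepass/-new and let keytool prompt.

# Print the SHA-256 fingerprint of the certificate stored under an alias.
# usage: cert_fingerprint <keystore> <storepass> <alias>
cert_fingerprint() {
    keytool -list -v -keystore "$1" -storepass "$2" -alias "$3" 2>/dev/null </dev/null |
        sed -n 's/^[[:space:]]*SHA256:[[:space:]]*//p' | head -n 1
}

# Create a keystore with a weak password, change the password, and compare
# the certificate fingerprint before and after. Prints "same" or "different".
compare_after_password_change() {
    dir=$(mktemp -d) || return 1
    ks="$dir/demo.keystore"
    keytool -genkeypair -alias demo -keyalg RSA -keysize 2048 -validity 365 \
        -dname "CN=Demo" -keystore "$ks" -storepass weakpass1 -keypass weakpass1 \
        >/dev/null 2>&1 </dev/null || { rm -rf "$dir"; return 1; }
    before=$(cert_fingerprint "$ks" weakpass1 demo)

    # Re-protect the same keystore with a stronger password.
    keytool -storepasswd -keystore "$ks" -storepass weakpass1 \
        -new 'Str0nger-Passphrase-2' >/dev/null 2>&1 </dev/null ||
        { rm -rf "$dir"; return 1; }
    after=$(cert_fingerprint "$ks" 'Str0nger-Passphrase-2' demo)

    rm -rf "$dir"
    # Same fingerprint means same certificate, so APKs signed before and
    # after the password change carry the same signer identity.
    [ -n "$before" ] && [ "$before" = "$after" ] && echo same || echo different
}

if command -v keytool >/dev/null 2>&1; then
    echo "certificate after password change: $(compare_after_password_change)"
else
    echo "keytool (ships with the JDK) not found" >&2
fi
```

On older JKS-format keystores the per-key password is separate from the store password and is changed with `keytool -keypasswd`.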