
In Android, to create a release version of an app, you need to build a signed APK, which requires a keystore file that somehow proves that the file is yours.

Do you just use this keystore indefinitely for all your apps? Or do you need a new keystore for every app? Every flavor? What's the purpose / correct usage?

  • Each app needs a unique keystore. https://stackoverflow.com/questions/9691478/1-keystore-to-sign-all-apps-or-1-per-app – PSK Jun 13 '17 at 04:44

1 Answer


As stated in this thread, you may use the same keystore for any number of applications.

Also, based on this documentation, you should sign all of your APKs with the same certificate throughout the expected lifespan of your apps. There are several reasons why you should do so:

  • App upgrade: When the system is installing an update to an app, it compares the certificate(s) in the new version with those in the existing version. The system allows the update if the certificates match. If you sign the new version with a different certificate, you must assign a different package name to the app—in this case, the user installs the new version as a completely new app.
  • App modularity: Android allows APKs signed by the same certificate to run in the same process, if the apps so request, so that the system treats them as a single app. In this way you can deploy your app in modules, and users can update each of the modules independently.
  • Code/data sharing through permissions: Android provides signature-based permissions enforcement, so that an app can expose functionality to another app that is signed with a specified certificate. By signing multiple APKs with the same certificate and using signature-based permissions checks, your apps can share code and data in a secure manner.

Additional references:

abielita
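As an added example (not part of the answer above) of how the "every flavor?" part plays out in practice: one release signing config in `app/build.gradle` applied to every flavor, so each build of the app carries the same certificate and upgrades keep working. The keystore path, key alias and environment variable names are assumptions; secrets are read from the environment rather than committed to the repository.

```groovy
// app/build.gradle (Groovy DSL) - added example, not from the original answer.
// Assumed layout: a single keystore at ~/keystores/release.jks holding the key
// alias "release-key"; passwords come from environment variables so that no
// secret is committed alongside the build script.
android {
    signingConfigs {
        release {
            storeFile file(System.getenv("RELEASE_STORE_FILE")
                    ?: "${System.getProperty('user.home')}/keystores/release.jks")
            storePassword System.getenv("RELEASE_STORE_PASSWORD")
            keyAlias "release-key"
            keyPassword System.getenv("RELEASE_KEY_PASSWORD")
        }
    }

    buildTypes {
        release {
            // Every flavor built in the release build type is signed with the
            // same certificate; this is what lets later versions install as
            // updates instead of being rejected by the certificate comparison.
            signingConfig signingConfigs.release
            minifyEnabled true
        }
    }

    flavorDimensions "tier"
    productFlavors {
        // Distinct applicationIds make these separate apps to the platform,
        // but sharing one certificate is still fine, and it is what enables
        // signature-level permissions between them.
        free { dimension "tier"; applicationIdSuffix ".free" }
        paid { dimension "tier"; applicationIdSuffix ".paid" }
    }
}
```

Before shipping an update, confirm the certificate has not changed by comparing the SHA-256 fingerprint reported by `keytool -list -v -keystore release.jks` (or `apksigner verify --print-certs app-release.apk`) against the previous release; a mismatch means users will not be able to install the new version over the old one.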