jhugman
commented
10 years ago This requires two steps:
- prevent the ant script from signing the APK.
- finishing off the processing of the signed APK.
Building an unsigned APK
Currently, the location of the keystore and various configuration is stored in the project.properties directory. Removing these will cause the current invocation of ant clean release to produce an unsigned APK to be produced. This is found in bin/${manifest.name}-release-unsigned.apk. Official documentation
Post signing
Use the zipalign tool to optimize the signed APK.
zipalign -v 4 your_project_name-signed.apk your_project_name.apk
ozten
We need to isolate the signing step so that it can be performed on a different service using an HSM.