Can I use the same keystore file to sign two different applications?

Tags: Android, Android Keystore

Android Problem Overview


I have to upload a new application; it's just the design that's a little different. Yesterday I generated the keystore file to sign the application. Can I use the same one?

Android Solutions


Solution 1 - Android

You can use that keystore for any number of applications.

No need to generate a new keystore.

Solution 2 - Android

I'll make a counter argument to the consensus answer so far.

I agree that for most app authors most of the time, sharing the same keystore/certificate/password between your apps will work fine. The critical thing is to use "the same certificate throughout the expected lifespan of your applications" so the app can upgrade itself.

But I can think of one very good reason to have separate keystores for separate apps or families of apps. If you think you might ever want to sell an app to someone else for them to publish as an upgrade to the original, you'll have to share your one-and-only keystore and password with them to do so. Probably not a huge issue but a bit of worry to you and, perhaps, a due diligence issue to a big-enough buyer.

Also, I really don't read the same line in the documentation the same way as @ol_v_er does. I think the current line:

> You should sign all of your apps with the same certificate throughout the expected lifespan of your applications.

(note the lack of a comma in the current version) is simply emphasizing that the 'lifetime' recommendation applies to all apps, not actually directing you to use the same certificate for all of your apps.

Solution 3 - Android

The official documentation tells us:

> In general, the recommended strategy for all developers is to sign all of your applications with the same certificate, throughout the expected lifespan of your applications. There are several reasons why you should do so ...

https://developer.android.com/studio/publish/app-signing.html#considerations

So yes, try to sign all of your applications with the same certificate.

Solution 4 - Android

I want to add some clarification here, because this question and the answers provided lead to confusion for me. It is crucial to understand what a keystore actually is.

A keystore is just a means to securely store the public/private key pair which is used to sign your Android APKs. So yes, you can use the same keystore to sign multiple APKs, without a problem. You can also use the same alias (each alias is a certificate) to sign multiple APKs, and it will work. It has security implications, however. If your single alias is compromised, then all of your apps will have been compromised.

However, if you intend to sell the rights to your apps one day, then using the same alias for all of your apps may not be a good idea. However, using the same keystore, provided you use a different alias for each APK, may not necessarily be a bad option. I'm sure there is a way that you can move a certificate from one keystore to another, so that you can securely give the necessary keys for only that certificate to your buyer.

To make it very clear, a keystore is just that, a storage medium for keys. It plays no actual part in the process of signing an APK, but only serves to store the keys which are actually used to sign the APK.

References:

https://stackoverflow.com/questions/5724631/understanding-keystore-certificates-and-alias

https://www.digitalocean.com/community/tutorials/java-keytool-essentials-working-with-java-keystores
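The two points raised above (Solution 2: a buyer should receive only one app's key; Solution 4: one keystore, one alias per app, and an alias can be moved to another keystore) can be exercised with keytool. This is an added example, not code from any of the answers; it assumes a JDK `keytool` on PATH, and the keystore names, aliases, distinguished name and password are all made up.

```shell
#!/bin/sh
# Added example (not from any answer on this page): one keystore holding one
# alias per app, then moving a single alias into its own keystore for a buyer.
# Assumes keytool (JDK) is on PATH; names, aliases and the password are made up.
set -e

PW='changeit-demo'   # constructed password; use a real secret in practice

# Create a keystore with one key pair per app (two aliases).
make_shared_keystore() {
  ks="$1"
  for alias in app_a app_b; do
    keytool -genkeypair -keystore "$ks" -storetype PKCS12 \
      -alias "$alias" -keyalg RSA -keysize 2048 -validity 10000 \
      -dname "CN=Example Dev, O=Example" \
      -storepass "$PW" -keypass "$PW" >/dev/null 2>&1
  done
}

# Copy one alias (private key + certificate) into a new keystore, then remove
# it from the original, so the buyer receives only that app's signing key.
split_alias() {
  src="$1"; alias="$2"; dst="$3"
  keytool -importkeystore -noprompt \
    -srckeystore "$src" -srcstorepass "$PW" -srcalias "$alias" \
    -destkeystore "$dst" -deststoretype PKCS12 -deststorepass "$PW" \
    -destalias "$alias" >/dev/null 2>&1
  keytool -delete -alias "$alias" -keystore "$src" -storepass "$PW" >/dev/null 2>&1
}

# Number of private-key entries in a keystore.
count_keys() {
  keytool -list -keystore "$1" -storepass "$PW" 2>/dev/null | grep -c PrivateKeyEntry || true
}

# SHA-256 fingerprint of an alias's certificate: this is the signer identity
# Android compares when deciding whether an update comes from the same author.
fingerprint() {
  keytool -list -v -alias "$2" -keystore "$1" -storepass "$PW" 2>/dev/null \
    | sed -n 's/^[[:space:]]*SHA256: //p' | head -n 1
}

# Split app_b out of the shared keystore and confirm its certificate (hence
# its Android signer identity) is unchanged and each keystore holds one key.
demo() {
  dir=$(mktemp -d); ks="$dir/shared.p12"; out="$dir/app_b_only.p12"
  make_shared_keystore "$ks"
  before=$(fingerprint "$ks" app_b)
  split_alias "$ks" app_b "$out"
  after=$(fingerprint "$out" app_b)
  [ -n "$before" ] && [ "$before" = "$after" ] &&
    [ "$(count_keys "$ks")" = 1 ] && [ "$(count_keys "$out")" = 1 ]
}
```

Because the certificate travels with the key entry, updates signed from the new keystore are still accepted by devices that installed the app signed from the old one.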

Solution 5 - Android

Of course! You can use the same keystore file as many times as you want. It's always better to use the same keystore file for all the applications you develop. That will help if you want to update or modify the application. At that time you need to sign your application with the same key.

Solution 6 - Android

I do sign all my apps using the same certificate (keystore). This gives an advantage if I change my mind and want my apps to share their data.

As you might know, Android identifies each app with a UID. If all your apps are signed with the same certificate, you can request that Android assign the same user ID to more than one app and in turn make them run in a single process and share data.

From the Android documentation for android:sharedUserId:

> android:sharedUserId
>
> The name of a Linux user ID that will be shared with other applications. By default, Android assigns each application its own unique user ID. However, if this attribute is set to the same value for two or more applications, they will all share the same ID — provided that they are also signed by the same certificate. Application with the same user ID can access each other's data and, if desired, run in the same process

Solution 7 - Android

Recent Update

If you want to enrol in App Signing by Google Play, you have to use a new, different key to sign your APK or bundle; otherwise, after uploading, the Google Play Console will give you an error message saying:

> You uploaded an APK or Android App Bundle that is signed with a key that is also used to sign APKs that are delivered to users. Because you are enrolled in App Signing by Google Play, you should sign your APK or Android App Bundle with a new key before you upload it

Attributions

All content for this solution is sourced from the original question on Stackoverflow.

The content on this page is licensed under the Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.

Content Type | Original Author
Question | Raluca Luca
Solution 1 - Android | Chirag
Solution 2 - Android | Anne Gunn
Solution 3 - Android | ol_v_er
Solution 4 - Android | Anthony Stivers
Solution 5 - Android | Rohit
Solution 6 - Android | sujith
Solution 7 - Android | Riya Parmar