[MUSIC PLAYING] WOJTEK KALICINSKI: Hi. In this video, I'm
going to show you how the process for opting into
Play App signing looks like and what choices are
available to you. Why are we talking about
Play App signing, though? Well, modern
Android distribution starts with the Android
App Bundle format. You build an app bundle from
your Android Studio project and upload it to the Play
Console to publish your app. Now, a bundle is not installable
on an Android device. Play uses that bundle to
generate optimized APKs that will be sent to users' devices. We'll talk more about this
process in the next video, but suffice to say, the
APKs that are generated have to be signed before
they can be installed. And so the need arises
for a safe and secure way to store your signing key on
Google Play's infrastructure that will be used for signing
your app for distribution on your behalf. And app optimizations
are not the only benefit. By not having to manage
the key themselves, developers mitigate the
risk of losing or leaking their app signing key. OK, let's jump straight in and
see how the Play App signing enrollment process looks like. I'm going to show you two flows,
one for newly created apps without any published versions
and one for existing apps. I'm here in the
New Play Console, and I've just started
creating a new app. Let's name it Fresh
Mad Skills app. It's an app, and it's free. Confirm developer
policies, and go. Now, when I open the app
signing page on the left nav, it tells me that in order
to enable app signing, I actually need to
create a release. I'll go ahead and do that
in the internal track, since I don't want to
release my sample publicly. Now, when I create
a first release, you'll see that the first
item here is actually Play App signing, and
it's enabled by default. For most apps and games, the
recommended and most secure approach is to click Continue. Google Play will generate
an app signing key for you and store it safely. There are some
advanced options too. When I open the advanced
preferences here, you can see that by
default, Play App signing will generate a new key for me,
which is the most secure way to opt in. However, this choice
is irreversible, meaning you cannot change your
mind later without setting up a new app. And the key that's
generated by Play is not downloadable
through any means, neither in the Play Console nor
by contacting support, which means no one will be
able to obtain it, even if they somehow gained
access to your Play account. This is the recommended option. But not having
access to the signing key might not be the
right choice for everyone, particularly if you
need to be able to sign your app with the
same key locally, which you won't be able
to do in this case. Fortunately, we
have other options. The second one here is easy, so
let me explain it really quick. If you have another
app configured for Play App signing on
your developer account, you can simply reuse its key. Please note that this is
useful for certain scenarios, such as for sharing
data between apps. However, if you're not
using this functionality, it's a good idea to set up
your apps with separate keys just to avoid any potential
security or privacy risks. Moving on, now is the part
where it gets interesting. Here, Play gives you the
option to upload your own key that you already own locally. This is the only way in
which you can retain the key and have Play use
it for signing. Why would you want
to retain your key? One reason for
developers to do this is to be able to
locally build and test apps with the same signature
as the one Play generates. Of course, it's not
strictly needed, as other alternatives exist for
testing, such as using the App Bundle Explorer in Play Console
to download signed versions, using the internal testing
track, or internal app sharing. We'll talk about these in
one of the later videos in this series. Another reason is
if you want to be able to distribute standalone
APKs signed with the same keys to other stores. But again, it's not
strictly required. You can use separate keys
for different stores. Just remember that
in that case, users won't be able to
update apps using a different store than the
one used to install it. Now I just wanted to go
through a few of the things that we see here
in the interface. First, the PEPK tool download. You will use it to encrypt
the key for transfer to Play so that it
can't be intercepted. Remember to always use the PEPK
download that Play provides here for maximum security. And if you really want to verify
what's going on in the tool, there's the source
code download link too. Step two and three tell you
how to run the tool and upload the encrypted key, but step
four is really important. Even though it's
optional, I highly recommend everyone do what it
says and create a new upload key. Why? If you continue using your app
signing key for your releases, you run the risk that,
perhaps through human error, the key will leak. And there's not much you
can do once it's out. You can't undo the damage. If you use a separate
upload key just for signing the versions
you produce on your machine and publish to
Play, that key can be easily reset by
contacting Play support. And even if it
leaks, it can't be used by a malicious
third party to create APKs impersonating your own. So I hope you understand why
using a separate upload key is so important. OK, let's move on to
the last two options. Option four is the
same as option three, really, where you upload
a key for Play app signing that you generate. However, it doesn't assume
that you have the key in a Java keystore file. You can just take
the PEPK source code and integrate it with your
custom key management server, if you have one, then upload
the resulting zip file. And the last option
is to opt out of Play app signing
for this app. If you opt out during
your first release, you can change your
mind later and opt in to Play app signing by
uploading your signing key even after you've released your app. Until you do, it is
your responsibility to keep the key safe. Be warned, if you
lose your signing key, there's nothing Google or anyone
can do to help you recover it, and you won't be able to
publish updates to your app. As promised, here's
how this flow looks for an existing
app that was published using self-signed APKs. In this case, because
the app was previously released already, app signing
can be enabled and configured on the app signing page
here in the left nav. The first thing you'll
notice is that the option to generate the key on Play
infrastructure is missing. To opt into app signing, I'll
need to upload my own app signing key. And not just any key. It has to be the one
that was used to sign previous releases of the app. You can use any
of the two methods that we've gone over when
creating a new app, which are using the PEPK download
that we provide to export a key from a Java keystore,
or taking the PEPK source code and using it with your
own custom integration. There is another option
here, though, that helps you streamline the
process for existing apps. You can use Android Studio
to export the key for you. Let's quickly switch to a
project open in Android Studio. Now when I go to the Build menu
and generate a signed bundle, I can tick this checkbox to
export the key while building my release. Then choose that file for
upload in the console, and you're done. There is no
functional difference between any of the three
options here, as in each case you end up with a
private key that was used for previous
versions of the app uploaded to Play app signing. In each of the
three options, you are also asked to
create a separate upload key, which I suggest you
do for increased security. And finally, remember
that you won't be able to download the key
that you just uploaded to Play. So think carefully
if you still need it for the reasons I outlined
earlier in this video. Otherwise, consider
deleting the key or putting it into safe storage
to minimize the risk of leaks. That's all for this video. I hope you learned the pros
and cons of each of the choices you make when opting
into Play app signing. But if you have any
additional questions, I recommend you read my article
on "Medium," conveniently titled, "Answers
to Common Questions About Play App Signing." The article goes
into more detail about some of the more advanced
features of Play app signing, such as the ability
to upgrade compromised keys for new installs. Enjoy the rest of
this playlist, where we'll talk more
about app bundles and the types of
delivery optimizations they enable thanks
to the ability to sign apps on the server. Enjoy. [MUSIC PLAYING]
