After completing the Signing APP procedure using the ADT plugin for Eclipse , I checked the manually signed apk ( described below on the same page ) with:
$ jarsigner -verify -verbose -certs my_application.apk
And each entry was signed correctly [s and sm], but in the end it seemed:
Attention:
This bank contains records whose certificate chain has not been verified.
This jar contains signatures that do not contain a timestamp. Without a timestamp, users may not check this after the expiration of the subscriber’s certificate (2040-01-01) or after any revocation date in the future.
Is it better to upload apks to Goggle Play in order to have jar (apk) records with a verified "certificate chain" and with time-stamped signatures? ... Why (and why Export ). If this is better, what should I do?
Zipalign is offered at the end of this page:
$ zipalign -v 4 your_project_name-unaligned.apk your_project_name.apk
Checked all successfully.
source share