Transferring Android application code to another developer: managing keystore

I am an independent Android developer. I have my own keystore file, which I use to sign the APK files that I create for my clients. I provide full source code to my clients along with signed APK files. In most cases, if not always, my clients will authorize my Google account to manage the Google Play Developer Console. However, I do not give away my repository to my clients ("obviously!", I think).

One of my clients, which is a software house, transferred the code for the published application to another software house because the end customer decided to change the provider. My client also transferred the currently published application to the Google Play account of the new software house. The new software house now requires my keystore to update the application without changing its identifier (or at least that is what they ask).

Now the problem is that my keystore should be private and secure, and I should not give it to anyone. I could export the certificate that I used to sign this application, with something like:

keytool -exportcert -alias ...

but I do not know two things:

1) Will the exported certificate be sufficient for the new software house to update the published application without changing its identifier?

2) Will the security of other applications signed by me in the past with the same certificate be preserved?

EDIT after nasch's comment:

Using a different keystore for each client (or even for each application) may seem like a reasonable workaround, but there must also be a real solution.

, , ( ), keytool , . , , , AFAIK. , , - , . , , , Software House 2 , Software House 1. .

+4

Source: https://habr.com/ru/post/1568649/

