Android Signing Configuration
Overview
Section titled “Overview”To publish your Android app on the Google Play Store, you must sign it with a release keystore. This ensures the app comes from a trusted source and enables app updates.
The project includes conditional signing configuration that:
- Uses your release keystore when
key.propertiesis configured - Falls back to debug signing if no keystore is present (for development)
- Never breaks the build
Prerequisites
Section titled “Prerequisites”- Android SDK installed
- Java JDK (for keytool command)
- Google Play Developer account ($25 one-time fee)
Quick Steps
Section titled “Quick Steps”1. Generate a Keystore
Section titled “1. Generate a Keystore”Create a new keystore file:
macOS / Linux:
keytool -genkey -v -keystore ~/upload-keystore.jks -keyalg RSA -keysize 2048 -validity 10000 -alias uploadWindows:
keytool -genkey -v -keystore %userprofile%\upload-keystore.jks -keyalg RSA -keysize 2048 -validity 10000 -alias uploadYou will be prompted for:
- Keystore password
- Key password (can be same as keystore)
- Your name, organization, location
2. Create key.properties
Section titled “2. Create key.properties”Copy the template file and fill in your details:
cp android/key.properties.template android/key.propertiesThen edit android/key.properties:
storePassword=your_keystore_passwordkeyPassword=your_key_passwordkeyAlias=uploadstoreFile=../app/upload-keystore.jksTip: The template file is already included at
android/key.properties.templatefor your convenience.
3. Move Keystore File
Section titled “3. Move Keystore File”Place your .jks file in the android/app/ directory:
mv ~/upload-keystore.jks android/app/4. Verify Configuration
Section titled “4. Verify Configuration”The build.gradle.kts is already configured with conditional signing. It will automatically detect your key.properties file and use it for release builds.
The configuration works like this:
- If
key.propertiesexists → Uses release signing with your keystore - If no
key.properties→ Uses debug signing (for development)
This means the app will build successfully whether or not you’ve configured signing yet.
Build Release APK/App Bundle
Section titled “Build Release APK/App Bundle”After configuring signing:
# APKflutter build apk --release
# App Bundle (recommended for Play Store)flutter build appbundle --releaseOutput locations:
- APK:
build/app/outputs/flutter-apk/app-release.apk - AAB:
build/app/outputs/bundle/release/app-release.aab
Security Best Practices
Section titled “Security Best Practices”Never Commit Signing Files
Section titled “Never Commit Signing Files”The following are already excluded in .gitignore:
android/key.properties*.jks*.keystore
Always keep your keystore file backed up securely (e.g., in a password manager or secure cloud storage).
Keystore Security
Section titled “Keystore Security”- Use strong passwords - Minimum 8 characters with mixed case, numbers, and symbols
- Back up your keystore - If you lose it, you cannot update your app
- Store passwords securely - Use a password manager
- Different keystores for different apps - Don’t reuse keystores
Upload to Play Store
Section titled “Upload to Play Store”- Log in to Google Play Console
- Create a new app
- Upload your signed AAB file
- Complete store listing information
- Submit for review
Troubleshooting
Section titled “Troubleshooting””Could not read key.properties”
Section titled “”Could not read key.properties””Cause: File doesn’t exist or path is wrong
Solution:
# Verify file existsls android/key.properties
# Verify path in key.properties points to correct location# Should be: storeFile=../app/your-keystore.jks“Keystore file does not exist”
Section titled ““Keystore file does not exist””Cause: .jks file not in correct location
Solution:
# Move keystore to android/app/mv your-keystore.jks android/app/Wrong Keystore Password
Section titled “Wrong Keystore Password”Cause: Password in key.properties doesn’t match the keystore
Solution:
- Double-check the password in
key.properties - If you forgot the password, you cannot recover the keystore
- Create a new keystore and update your Play Store listing
Build Still Uses Debug Signing
Section titled “Build Still Uses Debug Signing”Cause: key.properties not found or misconfigured
Solution:
# Check if file existsls -la android/key.properties
# Check contents (don't share this output!)cat android/key.propertiesAdvanced: Manual Configuration
Section titled “Advanced: Manual Configuration”If you need to customize the signing configuration, edit android/app/build.gradle.kts:
// Located near the top of the fileimport java.util.Properties
// Load keystore properties if they existval keystorePropertiesFile = rootProject.file("key.properties")val hasKeyProperties = keystorePropertiesFile.exists()
android { // ... existing configuration ...
signingConfigs { create("release") { if (hasKeyProperties) { val keystoreProperties = Properties() keystoreProperties.load(FileInputStream(keystorePropertiesFile))
storeFile = file(keystoreProperties["storeFile"] as String) storePassword = keystoreProperties["storePassword"] as String keyAlias = keystoreProperties["keyAlias"] as String keyPassword = keystoreProperties["keyPassword"] as String } } }
buildTypes { release { // Uses release signing if key.properties exists, otherwise debug signingConfig = if (hasKeyProperties) { signingConfigs.getByName("release") } else { signingConfigs.getByName("debug") } } }}Related Guides
Section titled “Related Guides”- Publishing Preparation - Customize package name and icon
- iOS Signing - Configure iOS certificates