Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
This article explains how to manually code sign your Android (APK) app for Power Apps wrap. Sign your app for Android if you select Android as one of the platforms when you create and build your wrap project.
Important
To sign an AAB app for Google Play distribution, see Sign your app.
Before you begin
Required software
Before you begin, install and set up:
- Android Studio
- OpenSSL
- apksigner tool (included with Android Studio)
Prerequisites
You need:
- The application name to create the hash key.
- The latest APK file to sign in.
Note
Use the .jks extension for manual signing and the .pfx extension for automatic signing.
Generate key and signature hash
Note
Skip to Manual signing if you already generated keys and the signature hash when you created the app registration.
Set up environment variables
If you don't set environment variables:
- Download and install Android Studio and OpenSSL.
- Add
keytoolandopensslto your PATH environment variable:- Add
C:\Program Files\Android\Android Studio\jbr\binto your PATH. - Add the path of
openssl.exe(for example,C:\Program Files\OpenSSL-Win64\bin) to your PATH.
- Add
For manual signing process
Generate signature hash key
Run this command in the command prompt as an admin to generate a key:
keytool -genkey -alias powerappswrap -keyalg RSA -keystore powerappswrap.jks -keysize 2048 -validity 10000
When prompted:
- Enter a password for your keystore.
- Enter your name, organization, location, and other required details.
- Confirm the information.
Generate certificate
Run this command to generate certificate
keytool -exportcert -alias powerappswrap -keystore powerappswrap.jks | openssl sha1 -binary | openssl base64
When prompted, enter the keystore password you created earlier.
Parameters explained:
| Parameter | Description |
|---|---|
| genkey | Command to generate a key |
| alias | Alias for the keystore entry |
| keyalg | Key algorithm name |
| keystore | Name of the keystore |
| keysize | Size of each key |
| validity | Validity of the key in days |
For automatic key vault signing process
Generate signature hash key
Open a command prompt as an admin and run this command to generate a key:
keytool -genkey -alias powerappswrap -keyalg RSA -keystore powerappswrap.pfx -keysize 2048 -validity 10000
When prompted:
- Enter a password for your keystore.
- Enter your name, organization, location, and other required details.
- Confirm the information.
Generate certificate
Run this command to generate a certificate:
keytool -exportcert -alias powerappswrap -keystore powerappswrap.pfx | openssl sha1 -binary | openssl base64
When prompted, enter the keystore password you created earlier.
Parameters explained:
| Parameter | Description |
|---|---|
| genkey | Generates a key. |
| alias | Alias for the keystore entry. |
| keyalg | Key algorithm name. |
| keystore | Name of the keystore. |
| keysize | Size of each key. |
| validity | Validity of the key in days. |
Manual signing of APK package (Not for KV signing)
Follow these steps if you don't use automatic sign-in during wrap or if you try to upload an AAB file for Play Store. To avoid repeating this process, use automatic sign-in when possible.
Locate the apksigner tool
- Open Android Studio.
- Go to Tools > SDK Manager > Android SDK Location to find your SDK path.
- In the SDK directory, navigate to:
- build-tools > [version number] > find apksigner.bat (Windows) or apksigner (Mac/Linux)
- Or: build-tools > [version number] > lib > find apksigner.jar
Sign the APK file
Run this command to sign your APK:
apksigner.bat sign --ks PATH_TO_KEYSTORE --ks-key-alias KEY_ALIAS PATH_TO_APK
Parameters explained:
| Parameter | Description |
|---|---|
| ks | Path to your keystore file (for example, C:\Users\name\Desktop\powerappswrap.jks) |
| ks-key-alias | The alias you used when generating the key (for example, powerappswrap) |
| PATH_TO_APK | Full path to your APK file (for example, C:\Users\name\Downloads\MyApp.apk) |
When prompted, enter the keystore password.
Example:
apksigner.bat sign --ks C:\Users\name\Desktop\powerappswrap.jks --ks-key-alias powerappswrap C:\Users\name\Desktop\MyApp.apk
Verify the signature
After signing, verify the APK signature with:
apksigner.bat verify --verbose PATH_TO_APK
A successful verification confirms your APK is properly signed and ready for distribution.
For more information, see Android Studio command line tools: apksigner.
Distribute the app
After signing your app, you can distribute it using several methods:
Distribution options
Microsoft Intune: To distribute using Microsoft Intune, see Add an Android line-of-business app to Microsoft Intune.
Intune app protection: To give your app access to the Intune app protection service, see Give your app access to the Intune app protection service.
Direct distribution: You can also distribute the signed APK directly to users for manual installation.