Allow Unsigned APKs on Android

Android requires that all APKs be digitally signed with a certificate before they are installed on a device or updated. Scalefusion provides the feature of signing of an unsigned apk file which can then be uploaded through the Enterprise Store, thereby installing the app on devices.

This document guides you through some important concepts related to app signing and how to sign your app to make it ready for uploading via the Enterprise Store.

How it Works

The admins are required to generate or download a signing certificate used for signing enterprise APKs that you upload to the enterprise store. This certificate is generated via the Scalefusion Dashboard.

When an unsigned apk is uploaded through the enterprise store, the verification of the certificate is done, after which the apk gets uploaded and can then be published on Scalefusion Managed Android devices.

Creating a Certificate

1. On Scalefusion Dashboard, navigate to Getting Started > Android Enterprise Setup > Android APK Signing Certificate
2. Complete filling up this section by entering all details of the certificate.
3. After entering details, click on Generate
4. The certificate gets created and is displayed as shown below
   

Important Points to note

• A certificate, once generated, cannot be deleted, or the details cannot be edited either
• The heading Android APK signing certificate is also marked by a green tick which denotes that the certificate is successfully generated.
• After the certificate is created, there is a download button at the bottom that lets the admin download the certificate. The certificate gets downloaded as a file in zip format which can then be given to the application developer for signing the apk.

Upload Unsigned APK to Enterprise Store

If the admin doesn't give a zip file to the app developer to get it signed, the other alternative is to upload the unsigned apk through Scalefusion's Enterprise Store. It gets verified (signed) with the certificate generated (by following the steps above), and then the app can be published on devices.

1. Navigate to Application Management > Enterprise Store
2. Click on Upload New App > Upload Android app
3. Under Upload APK File, either Drag and drop the unsigned APK file or click on Browse Files and browse the file on your machine.
   Link to External APK can also be chosen to provide the link for the apk file
   
4. Once you upload the file, Scalefusion checks the validity of the APK file. Since the apk is unsigned, you get the following window with a message to either sign it with a certificate which would then upload the apk and install the app or give the information to the app developer to sign the apk.
5. Click on one of the following:
   1. Custom Sign: This option lets you use a custom signing certificate (generated through Scalefusion) to sign this APK
   2. Cancel: If you do not want to use a custom signing certificate, click on Cancel and give the app's information, displayed here, to the application developer, who can get the apk signed.

When you click Custom Sign, the verification for the certificate already generated takes place. This can take a few minutes.

Once the verification succeeds, then you will be shown a dialog with the App Information and the list of Device Groups / Device Profiles / Device(s) on which the app can be published.

This completes the process of signing an unsigned apk and then publishing the app on managed devices.

Certificate Mismatch

If you are uploading an upgraded version of a signed apk and there is a certificate mismatch because the signatures of both versions (of apk) are different, the previous version first needs to be uninstalled only then the upgraded version will get installed. In this case following window will be displayed:

Choose one from the following:

a. Uninstall & Upgrade: Clicking on this will continue uploading the upgraded version of apk and show the Publish dialog.

b. Cancel: Clicking on this will cancel the process, and the admin can contact the developer of this app to get a version matching with previous signature.