Unity Android Keystore and Keystore Manager Overview

What is an Android Keystore?

An Android Keystore is a secure container used to store cryptographic keys for your app. It is required for signing Android applications before they are distributed. Every Android application must be digitally signed with a certificate, which ensures the authenticity and integrity of the app.

What is the Unity Keystore Manager?

Unity’s Keystore Manager is an interface within Unity that helps you create, manage, and use keystores for Android applications. You can access it in the Player Settings when building an Android application. Unity’s Keystore Manager simplifies the process of signing your app by integrating keystore management directly into your project workflow.

Why Do You Need an Android Keystore?

  1. Signing Your Application: Android requires all APKs or AABs to be signed with a certificate for installation. Without signing, the app cannot be installed on devices or distributed on Google Play.
  2. App Updates: The same keystore must be used to sign app updates to ensure users receive updates without issues.
  3. Verification: It establishes your identity as the app developer.
  4. Google Play Requirements: To publish your app on Google Play, signing with a keystore is mandatory.

How to Create a Keystore in Unity?

  1. Access Player Settings:
    • Go to File > Build Settings.
    • Switch the platform to Android if not already set.
    • Click on Player Settings.
  2. Set Keystore and Key:
    • In the Publishing Settings section of the Player Settings window, find the Keystore section.
    • Select Custom Keystore.
  3. Create a New Keystore:
    • Click on the Keystore field and select Create New.
    • Choose a secure location outside the project folder and save the keystore file there.
  4. Set Keystore Credentials:
    • Set a password for the keystore.
    • Add an alias (name for the specific key within the keystore).
    • Enter the key password (it may be the same as or different from the keystore password).
  5. Fill Key Details:
    • Fill in fields like First and Last Name, Organizational Unit, Organization, City, State, and Country.
  6. Save the Keystore:
    • Save the keystore file securely.
  7. Use Keystore for Signing:
    • Select the keystore and alias in the Player Settings for signing your app during the build process.
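The same seven steps can be scripted outside the editor with the JDK's keytool, which is useful for build machines where the Keystore Manager GUI is not available; Unity accepts an existing keystore file in the Keystore field. The script below is an added example, not Unity's own tooling, and every name, path and password in it is a placeholder to be replaced. It creates the keystore with the subject fields the Unity form asks for and then prints the certificate's SHA-256 fingerprint, which is worth recording alongside the backups so a later build can be checked against the original key.

```shell
#!/bin/sh
# Added example (not Unity's own tooling): command-line equivalent of the
# Keystore Manager steps, using the JDK's keytool. All names, paths and
# passwords are placeholders; replace them before use.

# create_keystore KEYSTORE_PATH STOREPASS ALIAS KEYPASS
# Creates a JKS keystore holding one RSA key pair whose certificate carries
# the same subject fields the Unity form asks for (name, unit, organization,
# city, state, country). JKS is chosen because, unlike PKCS12, it permits the
# key password to differ from the keystore password, as the steps above allow.
# A long validity is used because the certificate must outlive every update
# that will ever be signed with it.
create_keystore() {
    ks="$1"; storepass="$2"; alias="$3"; keypass="$4"
    keytool -genkeypair -v \
        -keystore "$ks" -storetype JKS \
        -alias "$alias" -keyalg RSA -keysize 2048 \
        -validity 10000 \
        -storepass "$storepass" -keypass "$keypass" \
        -dname "CN=Example Developer, OU=Mobile, O=Example Studio, L=Example City, ST=Example State, C=US"
}

# keystore_sha256 KEYSTORE_PATH STOREPASS ALIAS
# Prints the SHA-256 fingerprint (32 colon-separated hex bytes) of the key's
# certificate. Keep this value with the keystore backups: an APK or AAB whose
# signing certificate does not match it was not signed with this key.
keystore_sha256() {
    keytool -list -v -keystore "$1" -storepass "$2" -alias "$3" 2>/dev/null \
        | awk '/SHA256:/ { print $2; exit }'
}

# Example session, run in a directory outside the Unity project tree:
# create_keystore ./release.keystore 'ReplaceWithStrongPassword' upload 'ReplaceWithKeyPassword'
# keystore_sha256 ./release.keystore 'ReplaceWithStrongPassword' upload
```

Point the Keystore field in Publishing Settings at the resulting file and enter the alias and passwords as in step 7; the passwords themselves belong in a password manager, not in the script or the project.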

When Do You Need an Android Keystore?

  • During Development: For testing, you can use a debug keystore automatically provided by Unity, but for production, a custom keystore is required.
  • Before Publishing: To publish on Google Play, you must sign your app with a keystore.
  • For Updates: Ensure you keep the same keystore, as updates require signing with the original keystore used for the initial release.

Where Should You Store the Keystore?

  • Secure Locations:
    • Use encrypted storage (e.g., a secure USB drive or a cloud-based password manager).
    • Avoid storing the keystore directly in your project folder or on public repositories like GitHub.
  • Backup Your Keystore:
    • Create multiple backups of your keystore file and its passwords. Losing this file or forgetting the password will prevent you from updating your app.
  • Access Control:
    • Limit access to the keystore to trusted individuals or roles within your organization.

Best Practices for Keystore Management

  1. Use a Strong Password:
    • Ensure your keystore and key passwords are complex and hard to guess.
  2. Backup Regularly:
    • Maintain at least two secure backups of your keystore in different locations.
  3. Do Not Commit to Source Control:
    • Never include your keystore file in version control (e.g., GitHub).
  4. Store Securely:
    • Use secure password management tools to store keystore passwords.
  5. Enable Google Play App Signing:
    • Google offers Play App Signing, where you upload your app’s signing key to Google. This offloads key management to Google, reducing the risk of losing your keystore.
  6. Document Credentials:
    • Keep a record of your keystore location, alias, and passwords in a secure location.
  7. Review Permissions:
    • Regularly review who has access to your keystore.
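A keystore that ends up in the project folder or in version control is the failure mode behind the "Do Not Commit to Source Control" and "Where Should You Store the Keystore?" advice above. The check below is an added example, not part of Unity or of the original post, that scans a project tree or repository checkout for keystore files so it can run as a pre-commit hook or CI step. It matches the file extensions keytool and Unity commonly produce and, independently of the name, the JKS magic number 0xFEEDFEED, so a keystore renamed to hide it is still caught. The extension list and the `.git` exclusion are assumptions, not Unity conventions.

```shell
#!/bin/sh
# Added example (not Unity's own tooling): detect keystore files inside a
# Unity project tree or repository so they never reach source control.

# is_jks FILE: true if the first four bytes are the JKS magic number
# 0xFEEDFEED, which identifies a Java keystore regardless of its file name.
is_jks() {
    magic=$(dd if="$1" bs=4 count=1 2>/dev/null | od -An -tx1 | tr -d ' \n')
    [ "$magic" = "feedfeed" ]
}

# find_keystores DIR: prints each suspected keystore under DIR, one per line.
# Files are matched by extension (assumed list) or by JKS magic number.
# The .git directory is skipped; everything else, including Assets, is scanned.
find_keystores() {
    list=$(mktemp)
    find "$1" -type f ! -path '*/.git/*' > "$list"
    while IFS= read -r f; do
        case "$f" in
            *.keystore|*.jks|*.p12|*.pfx)
                echo "$f"; continue ;;
        esac
        if is_jks "$f"; then
            echo "$f"
        fi
    done < "$list"
    rm -f "$list"
}

# check_no_keystores DIR: returns 0 when the tree is clean and 1 when any
# suspected keystore was found, listing the offenders on stderr so a
# pre-commit hook can block the commit with a useful message.
check_no_keystores() {
    hits=$(find_keystores "$1")
    if [ -n "$hits" ]; then
        echo "keystore file(s) found in $1:" >&2
        echo "$hits" >&2
        return 1
    fi
    return 0
}

# Usage as a git pre-commit hook (assumed placement in .git/hooks/pre-commit):
# check_no_keystores "$(git rev-parse --show-toplevel)" || exit 1
```

Pair the hook with `*.keystore` and `*.jks` entries in `.gitignore`; the ignore file stops the common case, and the magic-number scan catches the renamed copy that the ignore pattern would miss.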

By following these guidelines, you ensure your app signing process is secure and compliant with Android and Google Play requirements.
