Posted by Dom Elliott, Product Manager, Google Play
Google Play's first priority is to build a trusted, safe, and secure platform for billions of users and millions of developers for many years into the future. The sustainability and success of the ecosystem depends on this.
As part of this goal, almost two years ago, we announced app signing by Google Play. With app signing by Google Play, Google manages and protects your app's signing key for you and uses it to sign your APKs for distribution. It’s a secure way to store your app signing key that helps protect you if your key is ever lost or compromised. If you’re not enrolled in app signing and you lose your signing key, you’ll lose the ability to update your app.
App signing by Play also enables you to publish your app or game with the Android App Bundle, the recommended publishing format in use by over 500,000 apps in production on Google Play. The Android App Bundle reduces the size of your app, simplifies your releases, and unlocks next generation distribution features such as dynamic features and dynamic asset delivery.
Developers often have questions when enrolling in app signing for the first time so my colleague has written a Medium post with answers to some frequently asked questions. Read the post to find out more about the benefits of app signing, how we protect developer keys, and to learn about features like key upgrade for new installs and the new source stamp that bundletool will start adding to apps published with app bundles to give you more peace of mind about Play-signed apps.