Authenticity in Native Android applications
This is a continuation of the Application Authenticity Protection tutorial.
Adding required files
From the MobileFirst project's Native API folder, copy the following folders to your native's project
The application-descriptor.xml file
You modify the
application-descriptor.xml file of your application by adding a security test and a public signing key.
Adding the security test
securityTest attribute to the Android or iPhone/iPad environment element. For example:
Adding the public signing key
- Extract the public signing key of the certificate that is used to sign application bundle (
- If the application is built for distribution (production), extract the public key from the certificate that is used to sign the production-ready application.
- If the application is built in the development environment, you can use the default public key that is supplied by the Android SDK. You can find the development certificate in a keystore that is in a
You can extract the public signing key either manually or by using the wizard that MobileFirst Studio provides.
Extracting the public signing key by using the wizard
- Right-click the Android NativeAPI folder and select Extract public signing key.
- Specify the location and the password of a keystore file and click Load Keystore. The default password for
- Set the Key alias and click Next.
- Click Finish to automatically paste the public signing key to the relevant section of the
A dialog displays the public key.
If you decide to change the value, make sure that you change it in both locations.
You can also edit the
application-descriptor.xml file directly to add the package name: