APK (Android Package Kit) is the traditional file format for Android apps. APKs are very convenient for testing your app prior to release. You can easily download and install them on any Android device. The same APK is used for all supported devices and contains all assets those devices require, including image assets at various resolutions and native libraries for various CPU types.
In an effort to reduce app download sizes, Google has introduced a feature called Dynamic Delivery. Dynamic Delivery creates an APK on the fly that only contains the assets necessary for each device that downloads the app from the Play Store. To support Dynamic Delivery, the app needs to be uploaded to Google Play as an Android App Bundle (AAB). App Bundles are only used by Google Play to upload apps, and they cannot be installed directly onto devices.
Android devices install apps packaged as APKs. APKs are signed by a release key to protect against unauthorized changes. When an app is updated, the device verifies that the new APK is signed by the same release key as the currently installed APK.
Median signs each app with a randomly generated release key. If you need to create release builds from source code, please contact support to obtain your release key.
For APKs, Google Play supports the traditional app signing by the developer (either you or Median), or app signing by Google. Developer-signed APKs are delivered untouched to user devices. If you opt for app signing by Google for a new app, Google internally generates a release key and resigns any uploaded APKs with their key. It is impossible to retrieve the release key from Google. The key that signs the APK you upload to Google becomes an "upload key", used by Google Play to verify that new updates are coming from the same developer.
App Bundles must be signed using Google Play App Signing.
Developer Signing has the advantage of being able to update an app outside of Google Play, as you are able to create an APK with the same signing key as the user's device. The downside is that you are completely responsible for managing the release key. If the key is lost, your app cannot be updated and you will need to create a new app with a new identifier and Google Play listing.
Google Play App Signing signing passes the key management responsibility to Google. The key used to sign the uploaded APK or AAB is only used to verify uploads to Google Play. If the upload key is lost, it can be reset by contacting Google support. Google Play signing is required to support Dynamic Delivery and Android App Bundles.
|Upload to Google Play and install directly on devices||Upload to Google Play only|
|No reduction in download size via dynamic delivery||Supports dynamic delivery|
|Supports developer or Google signing||Google signing only|
|Developer Signing||Google Play App Signing|
|Can update outside of Google Play||Updates only through Google Play|
|Developer manages release key||Google manages release key, developer has upload key|
|Lost release key requires new app||Lost upload key can be reset|
Note that you may have opted into Google signing when initially creating your app on Google Play. If so, you can immediately start using Android App Bundles.
For Google to start signing your apps that have already been published, Google needs your original keystore. It needs to be encrypted in a special format readable only by Google. Please contact Median Support with the manage link for your app to request assistance converting to Google signing. Additionally, best practice dictates your apps (whether APK or AAB) uploaded to Google Play after conversion should be signed with a new key, known as the "upload key". Median support will make this change for you and provide you with a certificate for your upload key, which you will also send to Google.
For further reading on Android App Bundles and Signing, please see:
Updated 4 months ago