I used these Maven settings to sign my app:
<profiles>
<profile>
<id>sign</id>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jarsigner-plugin</artifactId>
<version>1.2</version>
<executions>
<execution>
<id>signing</id>
<goals>
<goal>sign</goal>
</goals>
<phase>package</phase>
<inherited>true</inherited>
<configuration>
<archiveDirectory></archiveDirectory>
<includes>
<include>target/*.apk</include>
</includes>
<keystore>/home/markus/.android/release.keystore</keystore>
<storepass>mypass</storepass>
<keypass>mypass</keypass>
<alias>androidreleasekey</alias>
<arguments>
<argument>-sigalg</argument>
<argument>MD5withRSA</argument>
<argument>-digestalg</argument>
<argument>SHA</argument>
</arguments>
</configuration>
</execution>
</executions>
</plugin>
<plugin>
<groupId>com.jayway.maven.plugins.android.generation2</groupId>
<artifactId>android-maven-plugin</artifactId>
<inherited>true</inherited>
<configuration>
<sign>
<debug>false</debug>
</sign>
</configuration>
</plugin>
</plugins>
</build>
</profile>
</profiles>
I took this info from here: http://code.google.com/p/maven-android-plugin/wiki/SigningAPKWithMavenJarsigner. But I always got this error message "INSTALL_PARSE_FAILED_UNEXPECTED_EXCEPTION" while deploying the app to my mobile phone (Android 2.1) and "App not installed" on the phone. I tried these suggestions described here (and even more): 'App not Installed' Error on Android. But none of these solutions worked for me. LogCat shows me this error:
12-27 21:01:28.177: W/PackageParser(1165): java.lang.SecurityException: /data/app/vmdl60304.tmp failed verification of META-INF/ANDROIDR.SF
12-27 21:01:28.177: W/PackageParser(1165): at java.util.jar.JarVerifier.verifyCertificate(JarVerifier.java:350)
12-27 21:01:28.177: W/PackageParser(1165): at java.util.jar.JarVerifier.readCertificates(JarVerifier.java:273)
12-27 21:01:28.177: W/PackageParser(1165): at java.util.jar.JarFile.getInputStream(JarFile.java:416)
12-27 21:01:28.177: W/PackageParser(1165): at android.content.pm.PackageParser.loadCertificates(PackageParser.java:317)
12-27 21:01:28.177: W/PackageParser(1165): at android.content.pm.PackageParser.collectCertificate
After tinkering around half a day I figured out that this profile shown above somehow destroys the signature. When I add this part to my usual build section:
<plugin>
<groupId>com.jayway.maven.plugins.android.generation2</groupId>
<artifactId>android-maven-plugin</artifactId>
<inherited>true</inherited>
<configuration>
<sign>
<debug>false</debug>
</sign>
</configuration>
</plugin>
to NOT sign the app while Maven install and sign the app by hand, it works:
jarsigner -verbose -sigalg MD5withRSA -digestalg SHA1 -keystore /home/markus/.android/release.keystore myapp-1.0.apk androidreleasekey
I'm glad that I could manage it somehow, but can anybody explain to me why it doesn't work with Maven's sign profile on my smartphone? And what is interesting: I was always able to install it on my tablet, Android 3.0, even with Maven. Why does it work with Maven on Android 3.0 Galaxy Tab and not on my Android 2.1 phone?
By the way: A debug deployment always worked, even on my smartphone.
