Securing Your Private Key
Maintaining the security of your private key is of critical importance, both to you and to the user. If you allow someone to use your key, or if you leave your keystore and passwords in an unsecured location such that a third-party could find and use them, your authoring identity and the trust of the user are compromised.
If a third party should manage to take your key without your knowledge or permission, that person could sign and distribute applications that maliciously replace your authentic applications or corrupt them. Such a person could also sign and distribute applications under your identity that attack other applications or the system itself, or corrupt or steal user data.
 |
Your private key is required for signing all future versions of your application.
If you lose or misplace your key, you will not be able to publish updates to your existing application.
You cannot regenerate a previously generated key. |
Your reputation as a developer entity depends on your securing your private key properly, at all times, until the key is expired. Here are some tips for keeping your key secure:
- Select strong passwords for the keystore and key.
- Do not give or lend anyone your private key, and do not let unauthorised persons know your keystore and key passwords.
- Keep the keystore file containing your private key that you in a safe, secure place.
In general, if you follow common-sense precautions when generating, using, and storing your key, it will remain secure.