I am currently having an Android application developed by an outside third party. We are at the point where we are ready to implement/test In-App purchasing, but in order to proceed with that we must upload the application to the market first (so we can make the In-App Purchase ID’s). In order to upload to the Market, you must sign the application with a non-debug key.
My questions are:
- What is the best way to go about this and maintain the privacy of my keystore?
- Can the keystore be changed later without affecting functionality of the app?
- What is a good back-and-forth process that would make this work, assuming I will not be coding the In-App purchasing myself?
The keypair used for signing must remain unchanged, otherwise you can’t update existing application in Market. Consequently right approach is that the developer gives you an unsigned APK and you sign it locally, then submit to Market.
As Bruno Oliveira suggested in another answer, for debug purposes you can create an application and sign it with the key shared between you and developer. But in this case be ready to create and submit a brand new application for release for the reason I mentioned above.