Why DOES Appium sign the .apk? Are there any benefits?

I’ve been using appium for years, I know about noSign and all that good stuff. I don’t care about iOS for the moment.

I don’t know of anyone ever asking “Why DOES Appium resign the .apk by default?”
This has caused problems on two apps I’ve automated now. Had to turn signing off and saw no ill effects. I might have to suggest to the company I’m working for now (long story don’t ask) that we default to -noSign, but want to ask if there are any risks/pitfalls here before recommending this.

If you’re going to ask the problems I’ve seen - one was with google In App Billing, and the other other was with security that worked with the SIM card’s Secure Element.


1 Like

Sorry to ask you directly @jlipps, but this is of relative importance as I’m about to switch all of our company’s branches to use noSign, and I’m very curious if there are any potential negative side-effects of NOT signing the .apk.

Thank you!

I’m also interested in an answer on this issue. I actually see the opposite i.e. side effects due to the resign as google maps seems not to work anymore after an installation through appium (haven’t checked whether it works with noSign yet). This also violates Appium’s first principle, so there should be a good reason for resigning…

After going through documentation here

Skip checking and signing of app with debug keys, will work only with UiAutomator and not with selendroid, default false

What i understand, signing is done for Selendroid as it’s required. As per the documentation and @jwallis has mention that there no problem faced while noSign is set to true .

So there shouldn’t be any problem as long as we are using UIAutomator, However only AppiumDEV’s can confirm on this.

in this case and if there is no other benefit or use case noSign’s default value should rather be false or linked to the selendroid capability. What do you think?

I created a github issue: https://github.com/appium/appium/issues/5969

1 Like

My thoughts exactly on changing noSign’s default (to True actually). Come to think of it we used maps a bit and I think we had to set noSign for that app also.

Defaulting to true will break Selendroid unless a custom keystore has been setup. If the goal is to have the devs respond then the github issue is the best place.

I think the feature request (don’t resign if using uiautomator with an already signed app) makes sense.

1 Like

Thanks bootstrap. Will remember to try github next time.