Quick Start
With a single app file, you can complete protection in five steps. Each step explains what it does and why.
Prerequisites#
- The app file you want to protect —
.apkor.aab(see Supported file formats) - The signing key (keystore) you use for store distribution — if you have ever shipped an app, you already have one.
If the keystore concept is unfamiliar, start with the "Signing & Keystore" entry in the Glossary. We'll cover it again in Step 5.
Supported file formats#
| Extension | Description | When to use |
|---|---|---|
| APK | An app file that installs directly onto a phone | Direct distribution, testing, some stores |
| AAB | A bundle file submitted to Google Play | Official Google Play distribution |
Both formats are supported, so you can simply upload the same file you normally submit to the store.
Step 1 · Upload#
In the Upload menu of the dashboard, drag and drop or select your file. The file is transferred directly to storage without passing through our server, and the upload progress is shown in real time.
Step 2 · Choose protection options#
Once the file is uploaded, the protection options appear. Core protection (code locking and obfuscation) is always applied, so you don't need to select it separately, and you can choose additional options such as root detection, hook detection, and monitoring. A description of each option is documented in Protection options.
Step 3 · Processing#
When you press Start, protection begins and the stages are displayed on screen in order.
Analyze → Code packing → Native build → Sign-align → Finalize
It usually completes within tens of seconds, and you'll receive a notification when it's done. You're free to do other work while processing is underway.
Step 4 · Download#
Once processing is complete, download the protected app using the Download button.
Step 5 · Sign it yourself, then distribute#
⚠️ This is the most important step. The downloaded file is still unsigned. You must re-sign it with your own keystore before it can be installed or distributed.
Why you must sign it yourself. An app signing key is the app owner's identity and a secret that should never be handed over to anyone else. Google Play also uses that key to verify that "this app was made by the owner of this key." For this reason, signing is always performed by the app owner. zipalign (including 16KB page alignment) is already applied by Appsolid, so you only need to sign — no additional alignment work is required.
apksigner sign --ks my-release.keystore protected-app.apk
If an external development partner handles your builds, simply instruct them to "re-sign the protected file with our key and submit it."
Once signing is complete, submit to the store or distribute exactly as you normally would.
If something goes wrong#
- If processing appears to stall, try again after a short while. It may be a temporary processing backlog.
- For further questions, check the FAQ.
Next#
- Protection options — details of each option
- Monitoring — check the status of your protected apps