Android requires that each application be signed with the developer's digital keys to enforce signature permissions and application requests to use a shared user ID or target process. For more information on the general Android security principles and signing requirements, see the Android Security and Permissions section in the Android Developer Guide. The core Android platform uses four keys to maintain security of core platform components:
platform: a key for packages that are part of the core platform.
shared: a key for things that are shared in the home/contacts process.
media: a key for packages that are part of the media/download system.
releasekey: the default key to sign with if not otherwise specified.
These keys are used to sign applications separately for release images and are not used by the Android build system. The build system signs packages with the testkeys provided in build/target/product/security/. Because the testkeys are part of the standard Android open source distribution, they should never be used for production devices. Instead, device manufacturers should generate their own private keys for shipping release builds.
A device manufacturer's keys for each product should be stored under vendor//security/, where and represent the manufacturer and product names. To simplify key creation, copy the script below to this directory in a file called mkkey.sh. To customize your keys, change the line that starts with AUTH to reflect the correct information for your company:
mkkey.sh is a helper script to generate the platform's keys. NOTE: the password you type will be visible in your terminal window. Keep a record of the passwords you use, as you will need them to sign release builds.
To generate the required 4 platform keys, run mkkey.sh four times specifying the key name and password for each:
sh mkkey.sh platform # enter password
sh mkkey.sh media # enter password
sh mkkey.sh shared # enter password
sh mkkey.sh release # enter password
You should now have new keys for your product.
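The warning above about the public test keys can be checked mechanically before anything is signed. The following is an added example, not code from the original guide or from AOSP: it compares SHA-256 fingerprints of the certificates in a product key directory against the test certificates, so a copied, renamed or re-wrapped test certificate is caught. The NAME.x509.pem file naming and the script name check_testkeys.sh are assumptions.

```shell
#!/bin/sh
# Added example, not from the original guide or AOSP. Assumes one PEM
# certificate per NAME.x509.pem file, as in build/target/product/security/.

# cert_fp FILE: SHA-256 over the DER bytes of the first certificate in FILE.
# Fails (status 1) when FILE is missing or contains no certificate.
cert_fp() {
    fp_body=$(awk '/-----BEGIN CERTIFICATE-----/ { f = 1; next }
                   /-----END CERTIFICATE-----/   { exit }
                   f' "$1" 2>/dev/null | tr -d ' \r\n')
    [ -n "$fp_body" ] || return 1
    printf '%s' "$fp_body" | base64 -d | sha256sum | cut -d' ' -f1
}

# find_testkey_certs TESTKEY_DIR PRODUCT_DIR
# Prints each product certificate that is a copy of a test certificate.
# Returns 1 if any copy was found, 0 if the product directory is clean.
find_testkey_certs() {
    # Build a "fingerprint filename" table of the public test certificates.
    ftc_known=$(for t in "$1"/*.x509.pem; do
        fp=$(cert_fp "$t") || continue
        printf '%s %s\n' "$fp" "${t##*/}"
    done)
    ftc_status=0
    for c in "$2"/*.x509.pem; do
        fp=$(cert_fp "$c") || continue
        # fp is hex only, so it is safe to use inside the sed pattern.
        ftc_hit=$(printf '%s\n' "$ftc_known" | sed -n "s/^$fp //p" | head -n 1)
        if [ -n "$ftc_hit" ]; then
            printf 'TESTKEY %s is the public %s\n' "$c" "$ftc_hit"
            ftc_status=1
        fi
    done
    return "$ftc_status"
}

# Usage (hypothetical script name):
#   sh check_testkeys.sh build/target/product/security <product key dir>
if [ "$#" -eq 2 ]; then
    find_testkey_certs "$1" "$2"
fi
```

Because the comparison is made on the decoded certificate bytes rather than on the file contents, a test certificate saved under a different name or with extra text around the PEM block is still reported.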
Signing a build for release
Signing a build for a release is a two-step process.
Sign all the individual parts of the build.
Put the parts back together into image files.
Use build/tools/releasetools/sign_target_files_apks to sign a target_files package. The target_files package isn't built by default; you need to specify the "dist" target when you call make. For example:
make -j4 PRODUCT-
The command above creates a file under out/dist called -target_files.zip. This is the file you need to pass to the sign_target_files_apks script.
At startup, Android displays a splash screen image while booting the device. Do the following if you wish to modify the default splash screen:
Create a 320x480 image, screen.jpg in this example.
Using ImageMagick, convert your .jpg file to raw .rgb format (the input the next step reads):
convert screen.jpg screen.rgb
Use the rgb2565 application to convert the image to 565 format:
rgb2565 < screen.rgb > screen.565
Use fastboot to flash the image to the device:
fastboot flash splash1 screen.565
Network Customization Platform
Android stores network configurations as a resource that gets compiled into binary form at build time. The XML representation of this resource is located at //android/frameworks/base/core/res/res/xml/apns.xml. This file does not include any configured APNs. You should not modify this file, but instead configure APNs by product at build time (see Build-time APN Configuration below).
Each network configuration is stored in an XML element following this syntax:
Build-time APN configuration
To set the APN configuration for a particular product target, add an apns-conf.xml file to the product configuration (do not modify the default platform APNs). This allows multiple products, all with different APNs, to be built off the same code base.
To configure APNs at the product level, add a line to the product configuration file like the example below (vendor//products/myphone-us.mk):
At runtime, Android reads APNs from the following file:
Android supports the following run-time network configuration methods to choose the appropriate APN from the list of configured APNs:
Automatic Configuration: At boot time, Android determines the correct network configuration based on the MCC and MNC from the SIM card and automatically configures all network settings.
Manual Configuration: The platform will also support runtime (user) manual selection of network settings by name, for example, "Company Name US," and will support manual network configuration entry.
WAP / SMS Push Configuration: The network configurations are standard Android resources. You can upgrade a resource at runtime by installing a new system resource APK package. It will be possible to develop a network configuration service which listens to a specific binary SMS port for binary SMS messages containing the network configurations. NOTE: The implementation will likely be network operator dependent due to inconsistent SMS ports, binary SMS formats, etc.
Customizing pre-loaded applications
To customize the list of Android packages for a particular product (applications, input methods, providers, services, etc.), set the PRODUCT_PACKAGES property in the product configuration, as illustrated below:
PRODUCT_PACKAGES := \
Package names should correspond to the LOCAL_PACKAGE_NAME specified for each package's build target. For example, the Android.mk build target for Mail, referenced above, could look like this:
# Specify the certificate used to sign the application
LOCAL_CERTIFICATE := vendor//certs/app
# Build the login client static library
Note that the home screen is just an Android application that can be replaced entirely or customized by changing source code and application resources (Java source, layouts, etc.).
Customizing browser bookmarks
Browser bookmarks are stored as string resources in the Browser application: //android/packages/apps/Browser/res/values/strings.xml. Bookmarks are defined as simple value string arrays called "bookmarks". Each bookmark entry is stored as a pair of array values; the first represents the bookmark name and the second the bookmark URL. For example:
As with any Android application resource, the platform will load alternate resources based on the platform configuration values. See Resources and Internationalization in the Android SDK for details. To configure bookmarks for a specific mobile network operator, place your customized bookmarks in a separate strings.xml file and place it under a Mobile Network Code (MNO) specific resource folder. For example, Browser/res/values-mccXXX-mncYYY/strings.xml where XXX and YYY represent the three-digit MCC and two to three digit MNC values.
Android loads any configuration-specific resources as override values for the default values, so it is only necessary to include the bookmarks string-array values in this file.
Email Provider Customization
The default email provider settings are stored as string resources in the Email application (//android/packages/apps/Email/res/xml/providers.xml) as illustrated below.
As with all Android application resources, the platform will load alternate resources based on the platform configuration values. See Resources and Internationalization in the Android SDK for details. To configure email providers for a specific mobile network operator, place the customized providers in a separate providers.xml file and place it under a Mobile Network Code (MNO) specific resource folder. For example, Email/res/xml-mccXXX-mncYYY/providers.xml where XXX and YYY represent the three-digit MCC and two to three digit MNC values.
Themes and Styles
System level styles are defined in //android/framework/base/core/res/res/values/styles.xml.
Android supports configurable animations for window and view transitions. System-level animations are defined in XML in global resource files located in //android/framework/base/core/res/res/anim/.