The workflow described in this article is used to apply the Symantec Sealed Program Libraries and test assertion to an Android app.
(For iOS apps, see Sealing iOS apps at http://www.symantec.com/docs/HOWTO95174 )
Before you start
Save and export a clean, unsigned copy of your .APK.
Important note: Upon saving the .APK file, a message is displayed informing you that the unsigned package is stored at the location you specified in the previous step. The message also reminds you to sign the application and to run the ZipAlign utility on your signed app package. The Symantec Sealed Wrap Kit takes care of these tasks for you. You may close the message and proceed with the following steps.
Upload your Android app and download the Symantec Sealed Library and Test Assertion
- Log into your Symantec Sealed Program Partner Portal ("portal") and in the left pane, select Apps.
- At the top of the center pane, click Add App... and then click Browse...
- Select your unsigned .APK file.
(Alternatively, you can drag and drop the file onto the App Upload icon.)
- In your Symantec Sealed Program Partner Portal, with your app selected in the middle pane, in the right pane, click the download icon for the Symantec Sealed Libraries. The WrapSDK file downloads to your default download location and the Download a Test Assertion panel appears.
- Download the Test Assertion. The file,
entitlement.assertiondownloads to your default download location.
Apply the Symantec Sealed Library and the Test Assertion to your Android app
Open a terminal session and change the terminal context to the directory containing the
Note: On Windows 7 and Windows 8, you must run CMD.EXE as Administrator or the sealing process will fail.
- Create a new directory- we'll call it
AppWrapfor this walk through- and change your terminal context to the new directory:
Downloads: mkdr AppWrap
Downloads: cd AppWrap
- Copy the files,
WrapSDK.ZIP, entitlement.assertion, and your app's .APK file to the new directory
- Extract the contents of the WrapSDK archive to the directory you created in Step1.
- Run the
Wrap.SDK.jar file with the following options and parameters (assuming the same directory name as above):
AppWrap: java –jar WrapSDK.jar <app name>.apk entitlement.assertion
For instance, if the original app name is TestApp.apk, the command is:
AppWrap: java –jar WrapSDK.jar TestApp.apk entitlement.assertion
The wrap utility completes and places the wrapped Android app into the target directory with the file name, output.apk.
You can also use the following command options:
To specify a java keystore (which allows your sealed app to be upgraded at a later date):
-k <keystore name>.jksNote: Only .JKS format is supported.
-p <keystore password>
-a <keystore alias>
- In your portal, in the right pane, click Done!.
Upload the test version of your wrapped Android app to your portal
The final phase in the Android app sealing workflow is to add the Symantec Sealed version of your app to your Symantec Sealed Project Partner Portal.
- In your Symantec Sealed Program Partner Portal, in the left pane, click Apps and in the center pane, highlight your app. In the right pane click Browse… .
- Navigate to the directory containing your sealed app, and then click Open. Alternatively, you can drag and drop your sealed .APK file onto the app upload icon.
Your Symantec Sealed Android app is now ready for testing.
Uploading revised Android Apps
For the purpose of illustration, we’ll assume the same hypothetical directory structure as in the sealing instructions.
- Put your updated .APK file into the same directory as the other app-sealing files. (In the previous instructions, we called this directory,
- If a new assertion is needed, at your Symantec Sealed Partner Portal, in the Admin console, click Apps > [your updated app] and at the top of the right pane, click Generate Assertion.
- Copy the new assertion to the directory containing the other app-sealing files.
- Run the command-line again.
- Back in your Symantec Sealed Partner Portal, go to Apps and highlight your app.
- In the right pane, in the app information area, click Upload new Test Version….
- Select and upload the new version of your app.
- Re-test your updated app and submit it again for validation.
Notes regarding the Android KeyStore and app signing
- When an Android app is sealed, the original keystore used to sign the app should be used (this is a command line option).
- Android will only upgrade apps that are signed with the same certificate. If an app is signed with a different certificate, the original app must be uninstalled so the new app can be installed.
More information and details regarding testing and submitting your app for validation are included in the Symantec Sealed Program Developer's Guide at http://www.symantec.com/docs/DOC7127
Rate this Article