Application Signing

You must sign the release version of your app with an Android certificate before you submit it for review.

Android uses a digital certificate (also called a keystore) to cryptographically validate the identity of application authors. All Android applications must be digitally signed with such a certificate in order to be installed and run on an Android device.

All developers must create their own unique digital signature and sign their applications before submitting them to Oculus for approval. For more information, see Sign Your App in the Android documentation.

Make sure to save the certificate file you use to sign your application. All subsequent updates to your application must be signed with the same certificate file.

There are 3 APK signing schemes. The version you should use is based on your app’s target device(s):

Target Device(s)Signing Scheme Version
Quest onlyv2
Gear VR and/or Gov1
Gear VR and/or Go and/or Questv1 (mark it as a hybrid app in the manifest with android:required="false")

Note: If you are developing for Gear VR, you may need sign your app with the Oculus Signature File (osig) during app development, which is different than signing your app for release. For more information, see Oculus Signature File (osig) and Application Signing.

Unity Settings for Android Application Signing

Unity automatically signs Android applications with a temporary debug certificate by default. Before building your final release build, create a new Android keystore and assign it with the Use Existing Keystore option, found in Edit > Project Settings > Player > Publishing Settings. For more information, see Android Player Settings: Publishing Settings in the Unity documentation.

For Quest apps note that Some versions of Unity 2017 do not support v2 signing. In this case, build to gradle, open your project in Android Studio and generate a v2 signed APK.

Unreal signing

The latest version of Unreal Engine in Github supports v2 signing. If you are using an older version of Unreal and publishing a Quest app, you will need to edit the manifest to use the correct signing schema or manually patch the version of Unreal you are using to sign an app correctly.