You must sign the release version of your app with an Android certificate before you submit it for review.
Android uses a digital certificate (also called a keystore) to cryptographically validate the identity of application authors. All Android applications must be digitally signed with such a certificate in order to be installed and run on an Android device.
All developers must create their own unique digital signature and sign their applications before submitting them to Oculus for approval. For more information, see Sign Your App and apksigner in the Android documentation.
Make sure to save the certificate file you use to sign your application. All subsequent updates to your application must be signed with the same certificate file.
Oculus currently requires either v1 and/or v2 of 3 APK signing schemes. Oculus allows apps that are additionally signed with v3, although v3 signing is currently not required. The version you should use is based on your app’s target device(s):
| Target Device(s) | Signing Scheme Version | More Details |
|---|---|---|
| Quest/Quest 2 | v2 and v1 | You must add headtracking feature to the manifest to sign as v2. For more information, see Android Application Signing. |
| Go | v1 | The v1 scheme is based on JAR signing. See Application Signing (Android Docs). |
| Go and Quest | Sign as v1, but if app uses headtracking, mark the manifest with android:required="false") | For more information, see Android Application Signing and Application Signing (Android Docs). |
You can use the apksigner tool to verify your APKs signature. To do so, use the following command:
$ apksigner verify --verbose ~/path-to-apk/app-name.apk
You should see output similar to the following:
Verifies Verified using v1 scheme (JAR signing): true Verified using v2 scheme (APK Signature Scheme v2): true Verified using v3 scheme (APK Signature Scheme v3): false Number of signers: 1
Unity automatically signs Android applications with a temporary debug certificate by default. Before building your final release build, create a new Android keystore and assign it with the Use Existing Keystore option, found in Edit > Project Settings > Player > Publishing Settings. For more information, see Android Player Settings: Publishing Settings in the Unity documentation.
The latest version of Unreal Engine in Github supports v2 signing. If you are using an older version of Unreal and publishing a Quest app, you will need to edit the manifest to use the correct signing schema or manually patch the version of Unreal you are using to sign an app correctly. For more information, see Signing Projects for Release in the Unreal docs.