Software Development at Program Tom LTD

How App Signing works on Flutter – Android, iOS, MacOS, Windows, Linux

Posted on April 12, 2025 by Toma Velev

Here’s a breakdown of how app signing works on each platform that Flutter supports – Android, iOS, MacOS, Windows, Linux.


✅ Common Concepts Across All Platforms

  • Code Signing Certificate: Digital certificate proving the identity of the publisher.
  • Hashing: A fingerprint of the app is created.
  • Encryption: The hash is signed with the developer’s private key; this is often described as “encrypting” the hash, and the result is the “signature”.
  • Verification: At installation or launch, the OS uses the public key to check the signature against the app’s hash, verifying integrity and authenticity.

The general purpose of app signing is to verify the identity of the developer and ensure that the app hasn’t been tampered with since it was signed.

📱 Android

  • Tools: jarsigner, apksigner, Android Studio
  • Certificate: .jks (Java KeyStore) or .keystore
  • Signing:
    • APK or AAB is hashed and signed with the private key.
    • Mandatory for publishing to Google Play.
  • Verification:
    • Android OS verifies the signature before installation.
    • App updates must be signed with the same key.

Bonus: Android has v1-v4 signing schemes. Newer ones sign the entire APK contents and offer stronger integrity checks.
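
The hash, sign and verify steps from the common concepts above, together with Android's rule that updates must be signed with the same key, as an added Node.js example (not code from the original post or from any platform's installer). It assumes a bare Ed25519 key pair in place of a CA-issued or keystore certificate; the function names and sample packages are hypothetical.

```javascript
const crypto = require("node:crypto");

// Assumption: a bare Ed25519 key pair stands in for a code-signing certificate.
function newPublisher() {
  return crypto.generateKeyPairSync("ed25519");
}

// SHA-256 over the DER-encoded public key: what an installer remembers per app.
function keyFingerprint(publicKey) {
  const der = publicKey.export({ type: "spki", format: "der" });
  return crypto.createHash("sha256").update(der).digest("hex");
}

// Publisher side: hash the package bytes, then sign the digest.
function signPackage(bytes, publisher) {
  const digest = crypto.createHash("sha256").update(bytes).digest();
  const signature = crypto.sign(null, digest, publisher.privateKey);
  return { bytes, signature, publicKey: publisher.publicKey };
}

// Installer side: recompute the hash, check the signature, then check that
// an update comes from the same signer as the installed version.
function verifyPackage(pkg, installedFingerprint = null) {
  const digest = crypto.createHash("sha256").update(pkg.bytes).digest();
  if (!crypto.verify(null, digest, pkg.publicKey, pkg.signature)) {
    return "rejected: bad signature";
  }
  if (installedFingerprint !== null &&
      keyFingerprint(pkg.publicKey) !== installedFingerprint) {
    return "rejected: signer changed";
  }
  return "accepted";
}

// Constructed sample packages (placeholder bytes, not real APKs).
const publisher = newPublisher();
const v1 = signPackage(Buffer.from("demo-app 1.0"), publisher);
const pinned = keyFingerprint(v1.publicKey);
const tampered = { ...v1, bytes: Buffer.from("demo-app 1.0 + extra code") };
const v2 = signPackage(Buffer.from("demo-app 2.0"), publisher);
const imposter = signPackage(Buffer.from("demo-app 2.0"), newPublisher());

console.log(verifyPackage(v1));               // first install
console.log(verifyPackage(tampered));         // bytes changed after signing
console.log(verifyPackage(v2, pinned));       // update from the same signer
console.log(verifyPackage(imposter, pinned)); // valid signature, different key
```

The imposter package carries a perfectly valid signature; it is rejected only because its key does not match the one recorded at first install, which is why a signature check has to be tied to a known identity.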


🍏 iOS (and iPadOS, watchOS, tvOS)

  • Tools: Xcode, codesign, xcrun, Apple Developer Portal
  • Certificate: Apple-issued certificate from a valid Apple Developer account
  • Signing:
    • App binary and resources are signed with the developer’s private key.
    • Includes entitlements and provisioning profile.
    • Signing is enforced even during development.
  • Verification:
    • iOS checks signature integrity and provisioning profile match at install and runtime.
    • Only Apple-signed apps run on real devices (unless jailbroken).
    • App Store re-signs submitted apps before distribution.😊

More on this in a previous article: https://programtom.com/dev/2025/04/12/ios-app-signing-explained/


🍎 macOS

  • Tools: Xcode, codesign, notarization service
  • Certificate: Apple Developer ID Application certificate
  • Signing:
    • Required for Gatekeeper to allow apps to run without warnings.
    • Notarization: Apps are submitted to Apple, scanned for malware, and re-signed.
  • Verification:
    • Gatekeeper checks signature and notarization at first run.
    • Apps from unidentified developers show warnings or are blocked.

🪟 Windows

  • Tools: SignTool, Visual Studio, PowerShell
  • Certificate: Issued by a Certificate Authority (e.g., DigiCert, Sectigo)
  • Signing:
    • EXEs, DLLs, and installers are signed using Authenticode.
    • Uses .pfx files with private key.
  • Verification:
    • Windows checks signature on launch.
    • SmartScreen uses reputation + signature to show warnings.
    • Signed apps look trustworthy and get fewer warnings.

🐧 Linux

  • Tools: Varies — GPG for packages, Flatpak/FlatHub, Snapcraft
  • Signing:
    • DEB packages: Signed using GPG keys (APT checks signatures on repo metadata).
    • RPM: Uses GPG signing with rpm --addsign.
    • Flatpak/Snap: Sandboxed formats signed and verified automatically.
  • Verification:
    • Signature checks usually occur during package install (not app run).
    • Manual code signing isn’t standardized — more trust is placed in package maintainers or distros.

🔐 TL;DR Table

| Platform | Mandatory? | Signature Used For | Tools/Certs |
|----------|------------|--------------------|-------------|
| Android | Yes | Install, Update, Identity | JKS, apksigner, Android Studio |
| iOS | Yes | Install, Entitlements | Xcode, Apple Certs |
| macOS | Yes (for trust) | Gatekeeper, Notarization | codesign, Apple Dev ID |
| Windows | Optional (recommended) | SmartScreen, Trust | SignTool, EV/OV Certs |
| Linux | Yes (package level) | Package Integrity | GPG, Snap, Flatpak |