Some time back, I helped a friend of mine launch an app in the Android Market. As most Android developers know, one of the requirements for uploading your APK file to the Android Market is that you have to sign it using a KeyStore.
I created a new KeyStore for him, signed the app, and he uploaded it to the Android Market. All this happened a couple of years back, and now, when he wanted to update the app, he had to sign the APK file again with the same KeyStore.
I had remembered to back up the keystore file, but somehow couldn’t remember the exact password I used while creating the KeyStore.
I started my search to find ways to recover the password and luckily found a tool that took a smart list of words and then tried to guess the password by brute force. I gave it a couple of probable words that I would have used for the password, and luckily I was able to recover the password within a couple of hours.
Some major takeaways for me from this entire episode:
- Always, always and always make sure you have more than one backup copy
- Don’t ever forget the password for your KeyStore. If you do then you might have to abandon your current app in the market.
- As @pareshmayani pointed out below, make sure you store the keystore file in your app’s repo as well. God be merciful to you if you don’t version your code
- Sometimes keeping a simple password helps