Build Variants & Signing Flashcards
BUILD & TOOLING › Gradle
- How is the number of build variants determined?
- It is the cross product of all product flavors (one per dimension, multiplied across dimensions) and all build types. Three flavors in one dimension times two build types yields six variants; adding a second flavor dimension multiplies again.
- What is a flavor dimension and why is it required?
- A named grouping that every product flavor must belong to via dimension = "...". Dimensions let flavors combine across groups (e.g. tier x environment), and their declared order sets override priority, highest first.
- buildConfigField vs resValue - what does each generate?
- buildConfigField adds a typed constant to the generated BuildConfig class (read from Kotlin/Java). resValue generates a resource value (e.g. a string) accessible via R. Both can be set per build type or flavor for per-variant values.
- What is the source-set merge priority for the demoDebug variant?
- Highest to lowest: src/demoDebug (variant) > src/debug (build type) > src/demo (flavor) > src/main. Higher-priority sets override main; duplicate Java/Kotlin classes for the same variant cause a build error.
- Where does the debug keystore live and what are its limits?
- Auto-generated at $HOME/.android/debug.keystore on first build, with known credentials. It is fine for local testing but most stores reject it, and you can never publish a Play release signed with it.
- Upload key vs app signing key under Play App Signing?
- You sign your AAB with the upload key; Google verifies it, then re-signs the delivered APKs with the app signing key it stores in its KMS. The app signing key never leaves Google; you only manage the upload key.
- What happens if you lose your upload key (with Play App Signing)?
- You request an upload key reset in Play Console and keep shipping updates, because Google still holds the app signing key. Without Play App Signing, losing your signing key means you cannot update the app at all.
- How do applicationIdSuffix and versionNameSuffix help variants coexist?
- applicationIdSuffix appends to the applicationId (e.g. .debug) so debug and release can install side by side on one device. versionNameSuffix appends to versionName for display. Build-type suffixes apply after flavor suffixes.
- What does APK Signature Scheme v3 add, and what is key rotation?
- v3 (Android 9+) supports a signing certificate lineage, enabling key rotation: moving to a new signing key while proving continuity from the old one. Newer Android versions accept the rotated key; older ones keep using the previous key.