keyAlias
keyPassword
storeFile
storePassword
When signing an apk file, the above four parameters are required.
If I keep the keyPassword and storePassword private, but make the jks file that storeFile refers to (not only the path, but also the content of the file) public, would others be able to forge an apk with only the jks file and not the passwords?
And would there be other security issues?
"would others be able to forge an apk with only the jks file and not the passwords?" - Yes, it's possible to retrieve the password of your keystore in many ways, and a simple one is using brute force and dictionary attacks. Check out this link: https://gist.github.com/zach-klippenstein/4631307 Also, it's not advisable to make your keystore file public.
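
A defender-side check for the situation discussed above, added here as an example and not part of the original posts: it flags JKS/JCEKS keystores sitting in a source tree (matched by magic number, so renamed files are still caught) and Gradle lines that set storePassword or keyPassword to a quoted literal. The function names, the regex and the sample project are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Magic numbers found in the first four bytes of Java keystore files.
KEYSTORE_MAGIC = {bytes.fromhex("feedfeed"): "JKS", bytes.fromhex("cececece"): "JCEKS"}
# Signing entries whose value is a quoted literal rather than a lookup such as
# System.getenv(...) or a project property (assumed convention, not a Gradle rule).
LITERAL_SECRET = re.compile(r"""\b(storePassword|keyPassword)\b\s*=?\s*\(?\s*["'][^"']+["']""")


def scan_tree(root):
    """Return sorted (relative_path, finding) pairs for files under root."""
    findings = []
    root = Path(root)
    for path in (p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        with path.open("rb") as fh:
            kind = KEYSTORE_MAGIC.get(fh.read(4))
        if kind:
            findings.append((rel, f"{kind} keystore in tree"))
        elif path.name.endswith((".gradle", ".gradle.kts")):
            text = path.read_text(encoding="utf-8", errors="replace")
            for lineno, line in enumerate(text.splitlines(), 1):
                m = LITERAL_SECRET.search(line)
                if m:
                    findings.append((rel, f"line {lineno}: literal {m.group(1)}"))
    return sorted(findings)


def demo():
    """Build a constructed sample project in a temp directory and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        app = Path(tmp, "app")
        app.mkdir()
        # Constructed sample: only the 4-byte JKS magic plus padding, no real keys.
        (app / "release.dat").write_bytes(bytes.fromhex("feedfeed") + b"\0" * 16)
        (app / "build.gradle").write_text(
            'storeFile file("release.dat")\n'
            'storePassword "example-only"\n'
            'keyPassword System.getenv("KEY_PASSWORD")\n'
        )
        return scan_tree(tmp)


if __name__ == "__main__":
    for rel, finding in demo():
        print(f"{rel}: {finding}")
```

Run against a checkout before publishing it; a hit on the keystore means the only remaining protection is the strength of its passwords against offline guessing.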