Well, this went far more smoothly than I had anticipated. At the XE5 World Tour event in Auckland, Brian Hamilton, creator of the iWD app, told us that getting his approved took about a week (if I recall correctly), and he had to submit a video showing how his app worked, so I was anticipating a couple of days at least to get my widget published. A couple of hours is all it took !
The process of submitting an app is very straight-forward.
You can choose whether to start by uploading the app or filling in the Store listing details first. I opted to upload the APK first.
This requires that you sign the APK with a legitimate key, rather than the default, debug key provided with the Android SDK. If you try to submit an APK signed with this debug key the store rejects the APK immediately.
The Java JDK includes a utility for generating your own key for signing apps: keytool
Following the guide on the Android SDK developer site I had my own key after a few seconds.
In Oxygene, signing an app with your own key is a simple matter of changing some project settings. In the Release build configuration, choose to sign with your own key rather than the default, debug key, and then identify the location of the keystore file containing the key you wish to use (as produced by keytool).
Signing itself is performed by Oxygene as part of the build process, so simply build for Release to produce an APK which the Google Play Store is happy to accept.
After that, preparing the store listing took a few more minutes, writing up a description for the app (in my case a widget) and providing 2 screenshots (mandatory minimum) and setting pricing etc.
All in all, it took longer to design the icon for my app (widget) than it did to submit it to the store !
Pleasantly Surprised
As I say, I had expected it to take at least a couple of days for my widget to get approved and published so wasn’t particularly surprised or disappointed not to receive any email notifying me that my widget was published as yet.
However, it seems that you don’t actually receive any such notification. Out of optimistic curiosity, a couple of hours later I tried searching the Play Store for my widget and lo and behold, there it was !
This has actually caught me out a little as the landing page I have in mind for the link for my “Developers Website” isn’t yet ready, so I had to quickly cobble something together to avoid potential users being confronted by an ungracious “404 – not found“.
So, my first widget published in the store !
[appbox googleplay nz.co.deltics.batterywidget]
Apple’s process took me 2.5 weeks, and I definitely got an email when it went in.
I suspect that my widget was particularly easy to approve given that it asks for (and needs) no permissions. It will be interesting to see how a more capable app fairs when going through the same process (in all of the Google, Apple and Microsoft stores).
Google Play approval is entirely automated AFAICT, there is no review as in the Apple or FireFox store. You can submit non-functional apps, as long as they have a correct manifest, are properly signed and pass the Google anti-malware scan. The only delays are those of propagation in the google play servers.
I would be interested to have more details about the app that took one week and a video, because that’s the first time I’ve heard that. Maybe it was actually the merchant account approval?
Well, that “1-week plus video” app was of course a FireMonkey app. I wonder if the fact that FireMonkey apps are wrapped inside an NDK container increases their potential threat profile ? Package scanners (Reflection based?) presumably can’t glean as much information from an NDK app as they can from an SDK one, if that is the basis for the approval process.
That and the fact that the size of a FireMonkey app will be vastly out of proportion to the stated functionality, potentially raising further red flags on any risk assessment.
All of the above however is complete speculation on my part.
You would have to ask Brian himself if he got any feedback from Google to indicate why his approval process took so long and why the video was deemed necessary. Though if he had received any such feedback I would have thought he would have covered it off in his presentation as useful to know.
Yes, you’re right, didn’t think of that, but the NDK container probably increases both the threat profile and the diagnostic complexity. Also the app is huge indeed for a simple weather app, so it all probably combined to having it flagged as having a suspicious payload.
My experience on Java and/or Phonegap Android apps is that approval was close to instantaneous both for submissions and updates, which is very convenient for Enterprise apps, that have a small/captive audience but sometimes need fast hot-fixing.