LinuxCommandLibrary

bundletool-validate

Validate app bundles and APK sets

TLDR

Verify a bundle and display detailed information about it

$ bundletool validate --bundle [path/to/bundle.aab]
copy

SYNOPSIS

bundletool validate [--bundle=<PATH> | --apks=<PATH>] [options]

PARAMETERS

--bundle=-b=<PATH>
    Path to Android App Bundle (.aab) to validate (required unless --apks used).

--apks=<PATH>
    Path to APKs directory or ZIP (mutually exclusive with --bundle).

--connected-device
    Validate APKs against a connected Android device (requires --apks).

--ks=<KEYSTORE>
    Keystore file path for signed bundle validation.

--ks-key-alias=<ALIAS>
    Key alias in the keystore.

--ks-pass=<PASSWORD>
    Keystore password (pass:val, file:path, env:var).

--key-pass=<PASSWORD>
    Key password (pass:val, file:path, env:var).

--local-testing
    Validate for local testing deployment optimizations.

--print-ks-debug-info
    Print keystore debug info (use cautiously).

DESCRIPTION

The bundletool validate command is part of Google's bundletool, a command-line tool for Android App Bundles (.aab files). It thoroughly checks the bundle's structure, manifest, resources, dex files, assets, and signing configuration to ensure compliance with Android requirements.

This validation catches issues like invalid compression settings, missing master bundle, incorrect feature declarations, resource conflicts, or signing problems before upload to Google Play or deployment. When validating signed bundles, it verifies signatures using provided keystore details.

For APKs generated from bundles (via build-apks), use --apks with optional device compatibility checks. It's essential for developers to prevent upload rejections. Run via java -jar bundletool.jar validate; output lists errors or confirms validity.

Supports local testing mode for optimized bundles. Ideal for CI/CD pipelines to automate quality gates.

CAVEATS

Requires Java 8+ and bundletool JAR. Not a native binary; invoke as java -jar bundletool-all-VERSION.jar validate. Sensitive keystore data should use secure password methods. Fails silently on unsigned bundles without --ks.

INSTALLATION

Download bundletool-all-*.jar from https://github.com/google/bundletool/releases. Make executable: chmod +x bundletool-all-*.jar; alias as alias bundletool='java -jar /path/to/bundletool.jar'.

EXAMPLE

bundletool validate --bundle=myapp.aab --ks=debug.keystore --ks-key-alias=key0 --ks-pass=pass:android --key-pass=pass:android
Validates signed bundle or reports errors.

HISTORY

Introduced by Google in 2018 with Android App Bundle launch (bundletool v0.2.0). Evolved with AAB features; current v1.15+ supports modern signing v2/v3 schemes and dynamic features.

SEE ALSO

bundletool(1), aapt2(1), apkanalyzer(1), adb(1)

Copied to clipboard