I'm fairly new to the process of uploading the Android App Bundle to the Google Play store, thus, the ask for help is highly appreciated.
A bit of backstory, all the builds we've uploaded to the Google Play store have been .apk files. The way we did this was:
Our developer (Third-party) would provide an unsigned .apk
We would then run it through a script that would apply our keystore to sign it.
After that, we would upload it to the store and distribute it accordingly (Testing or Production).
Now, with the .aab process is where i get lost. Our developer provided us with an unsigned .aab and when i upload it to the store, i get a "The Android App Bundle was not signed." error message.
The process is set with "Let Google manage and protect your app signing key (recommended)" option. I've also tried with "Use the same key as another app in this developer account" but with the same outcome. Finally, the options for "Export and upload a key from Java keystore" and "Export and upload a key (not using Java Keystore)" are out of my knowledge.
Would someone be able to suggest what the best options to use is? and if you can provide some step-by-step instructions of the upload process?
Everything i find here doesn't really cover my scenario unless i missed something.
Thanks in advance.
You still need to sign the AAB before you upload it. Except you need to use jarsigner instead of apksigner.
The rest should remain the same unless you rely on the certificate of the app to use some 3p APIs.
Related
I have built a app in android studio and would now like to publish it however I am very confused with the process for this. From Android studio I have generated a signed APK file which can be seen in the image below.
I see however that Google play console wants the files in the .AAB file type. How do I generate this/ what is it. The upload console can be seen below.
This is my first app upload so my questions may make no sense, please let me know in the comments below if there is anything I need to change or additional information required.
Any additional help with publishing apps on google play store will be greatly appreciated.
.AAB refers to "Android App Bundle", select Android App Bundle instead of APK after you clicked Generated Signed Bundle / APK, the rest of the procedure is more or less the same. You may refer to the official documentation for more information
I'm new to Ionic and mobile so my knowledge of code signing is limited. I started at a new company and I've been put in control of a ionic mobile application. I successfully signed and deployed to the ios store but am struggling with Android.
I can see the app signing certificate and the upload certificate in the google play store but I'm not sure what to do next. I keep reading that I need the same key that the app was initially submitted to the playstore with but is that the upload certificate or is that something specific to the developer that originally uploaded it with. I guess my question is, is this even possible given the certificates I have access to without the original key the developer may have used?
Any help and advice greatly appreciated.
Is it an application that is already present in play store? or is a new application that is being submitted to play store for the first time.
If that is a new application then you need to create a new jks file which should be kept safe as you will be using it every time to generate a signed apk file when ever you push the application to play store.
If that is an existing application in playstore there should be an existing .jks file which was used to generate a signed apk file. And now while pushing the application you need to generate signed apk using the same jks.
Let me know if you want to know how to generate a signed apk or create a .jks file.
I lost my android apk certificate. I formatted my mac mini and upgraded to a new MacBook Pro. Now I don't have access to the old mac. So there is no chance of retrieving the old keystore. And I am not enrolled in Google Play App Signing yet. If I enroll now, will I be able to update my app?
This is the error I get when I try update my app on play store :
You uploaded an APK that is signed with a different certificate to
your previous APKs. You must use the same certificate.
I know this is a duplicate question but I am asking it again because all the other questions are 3,4 years old. And I read somewhere that it is possible after May 2017 but I don't know how.
This is the comment I saw on quora (The link to the blog is broken):
https://www.quora.com/How-do-I-make-a-new-Certificate-Keystore-key-after-losing-the-key-of-my-Android-app
No need to Remove Your app from play Store You can Update Your app.
it’s Possible now, After May 2017 you can Update your app if you lost
your keystore or keystore password. Don’t lose Hope you can update
your app using new Keystore file please refer this blog http://geekcodehub.com/blog/
Code Hub here i wrote how to update apk if you lost your keystore
follow the step and create new keystore , I updated my app using this
step. you need to enable google play app signing on play store console
Is there any chance to update my current app? Without creating new app on playstore.
AFAIK it's not possible.
If you lose your keystore or think it may be compromised, Google Play
App Signing makes it possible to request a reset to your upload key.
If you're not enrolled in Google Play App Signing and lose your
keystore, you'll need to publish a new app with a new package name.
Source
Finally, I managed to retrieve the key. Here is How :
1- Download Disk Drill (Trial Version)
2- Download Hex Editor
Disk Drill shows all the files but you cannot recover without upgrading to Pro version, But don't worry there is a work around :)
Select the partition you want to recover. It will start getting a list of files which can be recovered. In the search bar write ".jks"
From the list select the .jks file which is around 2 kb. Ignore the other files. All jks file names will be like file000001.jks, file000002.jks...
In trial version you cannot recover it directly but you can view it. So, open the file you selected. Copy the Hex Code from it.
Open Hex editor, Paste the code in a new file. Save it with extension .jks
Run IDE (Visual Studio or any), Import the jks file and you are good to go.
In visual studio you can import .jks after archiving the android project. Select Ad Hoc and at the bottom there is an option to import an existing key.
I erased my drive completely from disk utilities and installed a new OS. But still I was able to recover the key. Never loose hope :)
I just enrolled to App Signing in Play console and everything works great.
But how should I treat my new upload keystore and its passwords now?
Can I just put this keystore under version control and put passwords into build script in plain text?
As I understand this keystore is only used to temporary sign my apk prior to upload. So I consider it to be pretty safe, since nobody except myself can actually upload new apk to Play, and there is no option to access my original release keystore by knowing upload keys.
Another thing that bothers me now is that I can't see any option to change upload keystore. Is it possible now, or at least planned to be added to Play console soon? If I'll publish my upload keystore and passwords to version control it would be nice to have an option to switch to a new private keystore, if something will go wrong.
The way you handle your keystore is pretty personal, but publishing it into your source control specially with the password is not a good idea.
You are right when you say that only you can upload the apk into your account, but your account can be compromized for various reasons, so it is always good to have a second step to upload any apk for your account.
When I worked into a team, since we had a private source control we upload the keystore with our codebase. But the password was managed through 1password.
Now that I work alone, I handle myself my keystore.
About your question to changing the keystore. This is not possible. That are two things you can't change after you uploaded your apk: the package and the keystore. This is done for security reasons.
You can have more info here: https://developer.android.com/training/articles/keystore.html
As #jonathanrz said, it's best to keep your keystore files private.
It's super easy to use a gradle.properties file to store you keystore passwords, and then just reference property values in your build.gradle file.
Just remember to guard the keystore files with your life, keep backups of them in multiple places, if you lose them, you'll have to re-upload your app.
I will answer my own question (based on Reddit discussion).
In order to change upload keystore you will need to contact Google support and request a reset. It is not the easiest option, but still good to have one.
Can't see big issues to keep upload certificate along with its password in a private repository. As long as it is not possible to automatically push production builds it sounds safe enough and also simplifies Alpha / Beta builds distribution.
Some people have reasonable concerns that by sharing release keystore with Google it may be compromised or used by Google to integrate malicious code into your app. But chances of it are pretty small so as long as you are not working on Facebook or other very popular apps it should be safe enough to rely on Google.
I wrote an android app for someone, but they want the source code because supposedly they need it to send the app to the android market.
Are they making that up or is that legit? Is there anyway to give them the app so that they can claim credit for it without giving them the source code?
I suppose worst case I could just get their publishing creds and publish it from my computer as though I were them..
Thoughts?
No, you do not need the source code to publish your app on the Android Market (now called Google Play Store). You just need a signed APK file.
No, they do not need the source code, only the unsigned APK. In order for it to be published they will need to sign it using their own fingerprint, but that should allow them to freely publish without having access to the source code. Alternatively, you could sign the APK yourself and give them that, but this might not be preferable for them.
Yes they need a version. However you could just send them the signed apk and let them release it from google.