My client has given me an android project to fix some errors and add new features. This app was created and published on google play console by another programmer who currently has gone. So, now comes time to upgrade to the new version, but I don't have the original signing key. So my client said me to create a new app in google play console and put the new upgraded version. But when I tried to upload signed bundle with new keystore I got this error
my build gradle picture
enter image description here
What can I do in order to solve this problem?
Upd: Same error when I upload release version. Also when I upload bundles of other projects to the app, no error occur.
Upd2: If my client request for 'Upgrade your app signing key for new installs'. Will it help?
You have to upload the app-release.aab not that app-debug.aab. It should be in the app/release folder while the debug one should be in the app/build/outputs/apk/debug.
Firstly, if you're getting an error that the AAB isn't signed, then you're not signing it. If you use the wrong key, you get an error saying the upload key doesn't match. Here's the instructions on how to sign your app
If you don't have the original app signing key, you can't update the app anymore. You'll have to create a new one, which is basically a completely new app with no connection to the original. And I'm not sure if having two apps with the same applicationId (i.e. kg.ilimbox.mobile) on the same developer account would be a problem, it's meant to be unique.
But you might be ok if your app is enrolled in Play App Signing though - basically how that works is the Play Store holds your app-signing key, and it uses that to sign APKs created from the AAB bundles (the bundles allow it to create custom APKs for a specific device, and those need to be signed with the app key, so the Play Store needs to have that).
In this case, when you upload an AAB, you're signing it with an "upload key", which is basically how the Play Store checks it's an authorised upload. And you can ask them to reset that certificate, so you can use a different key. They push this as a feature, so that if you lose your key, you don't lose the ability to update the app (because Google holds the actual app signing key)
There's a link to the key change request process in that last link - you basically have to contact them while logged into the developer account (so they can see your email matches the one associated with the account), you create a new upload key and give them the certificate, and they'll update your app entry so you use that new one to sign AABs. You won't be able to upload for a few days though. You can see the current app signing and upload certificate hashes under App integrity, so you'll be able to see when they update
You can request an app signing key upgrade (one time only) but ideally you won't need that, it's better to update the upload key if you have the option
So, here I write how I solve this problem.
Change application id in module build gradle file
delete testCoverageEnabled in module build gralde
b
buildTypes {
release {
testCoverageEnabled true
}
}
Clean project
change version code
Related
My app curtently uses apk without storing sign key on Google servers. I want to create closed alpha test with new Flutter app version and app bundle. As far as I understand, I am forced to store key on Google servers. So, is it possibile to:
keep production version as apk in PlayStore
create new alpha version that uses app bundle and key is stored on Google servers
I want to keep my current key, I don't want Google to generate new one because first - key hash is used to configure some services like Firebase and Facebook login so it can't be changed, second alpha version needs to use the same key as stable production version.
Of course, curtently both app versions are the same package name and the samy signing key is used to sign release build. In the future, alpha version will be promoted as new stable (when testing finished).
I was unable to find any straightforward way to do what I want, especially Google always proposes to generate new signing key.
Any tips?
If you have an existing app, Google Play does not generate a new key when you enroll in Play Signing. You are prompted to give Google your existing key which it will use to sign the APKs it produces from the app bundle.
Note: I'm not sure where you have seen that Google "always proposes to generate a new signing key", a screenshot would be helpful to understand better where this is coming from. The only time Google would offer to create a new key is when you create a new app but you seem to suggest that you have an existing app, so this isn't it.
It seems that you could just enroll in Play Signing by giving your key to Google, then upload app bundles the same way you were uploading APKs before (in whichever release channel).
I am opting to use Google Play App Singing service for my app.
I created a keystore, and signed my release app bundle with it. I then create an Internal Testing release, and opted in to Play App Signing with a single click. Nothing more was asked of me in this regard.
Now I am confused, becuase everything I read in the docs says that you will be asked to provide an upload key for the app. I was not asked to provide this.
When I go to app signing page in the Release section, it does not give me the option to upload/create and upload keystore.
What exactly has happened? How I am enrolled in Play App Signing without have uploaded an upload keystore?
firstly you have to sign your aab/apk file with the given configuration for keystore. This allows you to continually maintain update and management rights for your app beyond release. also what you need to understand is google extracts the release key from the app bundle once you upload to console drive. however, in what you are doing, you are providing the key manually. Ill give you a run down of the keys as you seem to be a little green with this system:
The app signing key can never be changed for the lifetime of your app. Keep your app signing key secret, but you can share your app’s public certificate with others.
Upload key
The key you use to sign your app bundle or APK before you upload it on Google Play. Keep your upload key secret, but you can share your app’s public certificate with others. For security reasons, it’s a good idea to have app signing and upload keys that are different from each other.
You have to sign your apk/aab file with the keystore in the release configuration. Otherwise if you enrol in Play App Signing using your debug key, you will encounter problems in the future if your debug key resets and you will not be able to update your app.
Once you have signed the app bundle with the release key, it will get extracted by Google automatically when you upload it to the Google Play Console. You are providing the key automatically in the bundle you are uploading.
More information here: https://support.google.com/googleplay/android-developer/answer/9842756?hl=en-GB&visit_id=637418371461688084-2328838094&rd=1
I have this application which was made in 2015. I have updated that application and now I want to upload the updated version to play store. But unfortunately, it is giving me an error that the SHA1 key is different. I am attaching the image below. Play store console SS
Furthermore, the organization that I am working for, does not have any information about the key store password or Alias. There is literally no information about the previous version. Therefore, I am totally clueless how to update this application in google play store
Without SHA1 Key you can not generate another Signed APK to upload . You must need that key in order to generate new signed APK to Upload .
Google will not re-sign any of your existing or new APKs that are signed with the app signing key. This enables you to start testing your app bundle in the open, closed, or internal test tracks while you release your existing APK in production without Google Play making any changes to it.
This basically means that the you are trying to generate a signed apk using a different certificate than the one that was used to sign the original apk. If you cant get a hold of the hold certificate you will have to create a new one (what I think you have already done), generate a signed apk then publish it as a new app on the play store. You will have to un publish the old application though. Try using a slight change in the package name like a change from small letter to capital letter eg from "com.example.company" to "Com.example.company"
It is precisely this problem that caused Google Play to introduce Google Play App signing. If your app is opted in, then Google looks after your signing keys, and if you lose the information, then Google Play support can help you change the upload key.
However, if you are not opted in to Google Play app signing there is nothing you can do.
The best option is, as other people have said, unpublish the old app, create a new one, and this time opt in to Google Play App Signing so it doesn't happen again.
I uploaded an app on google play but made it accidentally free. Now i want to upload the same app again and make it paid. How do i make that? When I try to upload the apk again, it says:
You uploaded an APK or Android App Bundle that is signed with a key that is also used to sign APKs that are delivered to users. Because you are enrolled in app signing by Google Play, you should sign your APK or Android App Bundle with a new key before you upload it.
How do I sign a new key (please explain this to a newbie, im not a programmer, I created an apk file with thinkable)
There are two things you need to be aware of:
First, no two apps in the store can have the same package name (i.e. unique identifier). In Thunkable, the package name is com.{username}.{appname}, so you will need to change either the username of the app name before uploading your new app.
Then, there is the question of the keystore (See "Keystores" section in Thunkable docs). It seems that you opted out of "Play Signing" for the first app you created, and now you opted in for your second app, but used the same cryptographic key for both apps. This can lead to security issues when you use the same key for two different purposes (simplifying a bit, sorry). Thunkable unfortunately does not seem to support generating new keystores, so you have two options: 1) Create a new account with Thunkable (which should generate a new keystore), or 2) Opt out of "App Signing by Play" when you're prompted in the Play Console when you upload your app.
Hope that helps! Good luck :)
I am currently struggling with the upload key, which is the new method of signing APK's to publish it to Google Play.
What I have done
I created a new app which should now on the play store.
I created an app entry on the Play console.
Then I activated Google Play App Signing
I uploaded my signed APK with a normal keystore file.
And then I get the following error message from the upload dialog.
Upload failed You uploaded an APK that is signed with a key that is
also used to sign APKs that are delivered to users. Because you are
enrolled in App Signing, you should sign your APK with a new key
before you upload it.
What's the problem
I did not find anything to upload an upload key or how to generate something like this. Is the upload key equal to the keystore file?
What I've tried to do
Then I looked at the documentation of app signing here. But I don't understand how I can create this upload key and send it Google.
Can anyone help me?
I just went through this exhausting process. I'm using React Native so I never even use Android Studio unless I need to launch a virtual device. I'm documenting this for myself and anyone else that has been traumatized by this experience. This is explicitly for the 'Upload Key' option. Google then swaps it out on Play so you aren't really responsible for making sure you don't lose the one and only key to your fortunes.
Open the 'android' file inside your React Native project in Android Studio. Build it and do whatever you have to so it gives you the options to produce an APK (unsigned or whatever). You can also just run it from here on a VD or a phone if it's attached. I had to do updates to get it to build so you may need to do the same.
First go to 'Build' in the menu:
This window will come up:
Click 'Create new...'
A dialog like this will come up. Fill it out with your info. Note that there are two separate passwords. Remember what you put there for later.
Go to someplace you want to store the key. In React Native, there is already a folder called 'keystores' at MyApp > android > app. Choose that as the key store path by clicking the '...' button.
Type in whatever you want your key called. I gave it the same name as the app.
This will bring you back to the previous dialog. Fill in the passwords from before and click 'Next'.
This will bring you to this dialog where you can choose where to put the apk. By default in React Native it goes to MyApp > android > app > app-release.apk. Click those two tick boxes otherwise you will have to change some configs or Google Play will reject it. They start out unchecked.
Go to this page in your Developer Panel. Click 'Edit Release'. This is presuming you've already set up a beta or alpha release. (Not covered here.)
That will bring you to this page. Drag and drop your apk here or upload with the button.
Please, Google, document this process somewhere! Peace out!
Create a signed bundle in latest version of Android Studio, sign your app with jks as usual except with "export encrypted key" checked.
Your private key will be exported at ~/.android/private_key.pepk by default.
For me, the experience was different as of Feb 2019.
While uploading a signing key, I haven't completed the optional Upload Key section as it said that I can complete this step later.
After I have uploaded a signing key and pressed Finish, it said that now I have an upload key and I'm good to go even though I haven't created one.
It took me time to see that fingerprints of the signing certificate and upload certificate are identical, i.e. Google has silently registered my signing key as an upload key.
Hope this helps somebody.
Per the Help Page:
Upload key: A new key you generate during your enrollment in the program. You will use the upload key to sign all future APKs prior to uploading them to the Play Console.
So it is just a new key you generate using the existing process.
The Android Developer page you mentioned(Sign an APK) clearly lays out how to generate a key using Android Studio. Notice the Generate a key and keystore section.
An upload key is no different in terms of how it is created. It is only the purpose that makes it different from the signing key. Upload key is only used to upload the APK to the Google server so that they can authenticate you. Google then does the actual app signing for you.