Android app - bugs showing only in release bundle - android

I recently uploaded my first Kotlin-Android app to a closed testing (alpha) track in Google Play Console. The review was complete and I shared my link to some testers. Unfortunately the release bundle has major bugs that are not present in the debug APK! (the one that generates automatically when I hit "Run" in Android Studio). I checked both bundles on my device and the debug version works perfectly fine while the release is unusable. Is there anyway to debug a release version??? Or maybe create a debuggable build that mimics it's behaviour (as a release build is set to be undebugable for safety reasons...). Is there a way to see the app logs? (or are they removed in the release build?)
I think it's important to mention that all bugs are related to Firebase actions. My Firebase project have all the needed "SHA certificate fingerprints" (SAH-1 & SHA-256 for the debug, upload & app-signing keys). Maybe another thing is missing?
Maybe the specific bugs can point to the root of the difference, so these are my 2 biggest bugs:
Each user document holds a list of items which is shown in a recyclerView in one of his screens. In the release version no item is shown. I checked the Firestore console and the items are added successfully (from any version) and they show when I sign in the same user with the debug version.
Can't sign in via phone number (in Firebase auth pre-built UI). The other methods work fine. I can even link a phone to an existing account, but the pre-built sign-in flow stops after I enter a phone number and resets to the initial screen. In the debug version that works fine.
Did someone encounter anything like that?
Any help would be appreciated.

I found the way to debug the release bundle. The problem was that the "release" build variant used the default signing key - the debug key. I had to Configure the build process to automatically sign my app with a secured key. At the end, I have the following code in my "build.gradle (:app)" file:
...
def keystorePropertiesFile = rootProject.file(<keystore.properties file location>)
def keystoreProperties = new Properties()
keystoreProperties.load(new FileInputStream(keystorePropertiesFile))
android {
signingConfigs {
ionce {
keyAlias keystoreProperties['keyAlias']
keyPassword keystoreProperties['keyPassword']
storeFile file(keystoreProperties['storeFile'])
storePassword keystoreProperties['storePassword']
}
}
...
buildTypes {
release {
...
signingConfig signingConfigs.ionce
}
}
...
}
...
(I choose to Remove signing information from my build files. If you do, pay attention to the "\" orientation in the storeFile field as the error is not very informative. This answer helped me)
If anyone also encounter one of the two issues I mentioned, here are the solutions:
The difference between the build variants was that in my "release" variant I use minifyEnabled true, which changes the attributes' names to minify the code. When getting the document from Firestore it did not match the object structure and failed to load the list. The solution is in this answer.
This one was not related to the difference in build types - seems I didn't check the feature after upgrading firebase-auth library in my gradle. Upgrading the firebase-ui-auth library, like in this answer, did the trick :)

you can add this debuggable true in your gradle file
release {
debuggable true
minifyEnabled false
shrinkResources false
}
this will help you debug the release version, make sure that minifyEnabled and shrinkResources are false
to run the Release version of the app with the Release Keystore use this
signingConfigs {
release {
storeFile file('file location')
storePassword 'your store password'
keyAlias 'your key alias'
keyPassword 'your key password'
}
}
and then add in the variant of release this
release{
signingConfig singingConfigs.release
}

Related

Trying to connect Huawei IAP SDK for Inapp payments - 6003 error

I'm trying to connect Huawei IAP SDK for Inapp payments. After adding an app in developer console and some inapp items, I tried to run Iap.getIapClient(activity).isBillingSupported method, but got com.huawei.hms.support.api.iap.json.IapApiException: 6003 error. Can't get any information about that status code, what does it mean. Does anybody know something about it?
I had the same problem and here is the fix. The error clearly says that 6003 -> StatusCode.CERT_FINGERPRINT_ERROR. It looks like Huawei can't validate the originality of the app, because of the missing certificate.
You either didn't added agconnect to your project or you're running in a different build type (like debug, that was my issue because I added agconnect several days ago).
If you didn't added the agconnect to your project, make sure you add it. There is an official tutorial how to add it, but here is it in a nutshell:
First of all you need to add the agconnect dependency to your project, download the agconnect-services.json file from Huawei's Developer (from your App). You need to obtain a SHA256 fingerprint with keytool and add this long fingerprint to your Huawei's Developer field.
https://developer.huawei.com/consumer/en/doc/development/HMS-Guides/iap-configuring-appGallery-connect#certificate
If you added agconnect (like I did several days ago) and the error persisted, it was because you were running in debug or any other build type which is different than what your official release. If you're running in debug make sure you add the signing certificate to your debug build type.
signingConfigs {
release {
storeFile file('C:\\path-to-your\project\signing-certificate.jks')
keyAlias 'aliasOfYourCertificate'
keyPassword 'theKeyPasswordOfCertificate'
storePassword 'theStorePasswordOfCertificate'
}
}
buildTypes {
release {
signingConfig signingConfigs.release
minifyEnabled false
proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
}
debug {
signingConfig signingConfigs.release
}
}
So the key here is adding the signingConfig to your debug build type (if you're running in debug).
Check whether the certificate fingerprint is correctly configured on HUAWEI Developer. Sign into HUAWEI Developer, go to Management Center > My Products, and select the services that require fingerprint certificate. In the product service list, check whether the SHA256 certificate fingerprint is same as the one you obtained. If not, modify the SHA256 certificate fingerprint, then clear the HMS cache.
If the issue persists, contact HUAWEI support.
Resource: https://developer.huawei.com/consumer/en/service/hms/catalog/huaweiid.html?page=hmssdk_huaweiid_api_reference_errorcode

How to make sure that app signing passwords are not available if someone decompiles the apk?

Currently, I sign the app in the following manner where keys are read from env in CI.
signingConfigs {
release {
storeFile file(System.getenv("ANDROID_KEYSTORE_PATH"))
storePassword System.getenv("KEYSTORE_PASSWORD")
keyAlias System.getenv("KEY_ALIAS")
keyPassword System.getenv("KEY_PASSWORD")
}
}
buildTypes {
release {
signingConfig signingConfigs.release
manifestPlaceholders = [excludeSystemAlertWindowPermission: "true"]
}
}
But this method will make the passwords available if someone decompiles the apk.
Is there a way by which keys are only used during the signing and then stripped from code and then uploaded to Play store?
Or if someone can point me to more secure ways of signing apk's?
This details doesn't get bundled in a apk file, so even if someone de-compiles your apk he wont get to see this.
You can alternatively use android studio to create a signed apk.
Check this link to see how it is done

Updating existing debug app with different developers

I have trouble with updating the debug version of the app's apk:
Installation failed with message Failed to finalize session : INSTALL_FAILED_UPDATE_INCOMPATIBLE: Package [here our package] signatures do not match the previously installed version; ignoring
Two developers. Two PC's with same Android Studio versions (3.2.1). But when I try to install - have this, when the second developer make a debug apk with the same code (with git) it installs normally.
If I make an apk - it's an error occurred via an update of a version of the second developer on a different device (tester).
What I've tried already:
Restart Android Studio.
Clean and Rebuild.
Invalidate Caches and Restart.
Build apk and installed from the device. ("Application doesn't install" error occurred during update)
Increase versionCode.
The device is a Lenovo TB-X103F tablet on Android 6.0.1.
You need to use the same debug keystore. Your colleagues' keystore will be at:
Windows: C:\Users\USERNAME\.android\debug.keystore
Linux / Mac: ~/.android/debug.keystore
3 solutions are below in descending order of correctness:
In the long term, this should be configured inside your project, so that anyone with the project can sign the debug builds. This is done by configuring your build.gradle like so.
You can also set your signing config inside Android Studio, so you are not reliant on copying his file in the future. Here is how to set it.
You could also just replace your debug keystore in that location with your colleagues, so you are using the same config.
Different keystore files cause this warning. For the exact solution;
-Create your own keystore files for each build types.
-Define buildTypes and SigningConfigs in app level gradle file
like this:
signingConfigs {
release {
keyAlias '******'
keyPassword '******'
storeFile file('...\\release.jks')
storePassword '******'
}
debug {
keyAlias 'alias'
keyPassword '******'
storeFile file('...\\debug.jks')
storePassword '******'
}
}
buildTypes {
release {
lintOptions {
}
debuggable false
minifyEnabled true
proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
signingConfig signingConfigs.release
}
debug {
debuggable true
minifyEnabled false
signingConfig signingConfigs.debug
}
}
NOTE!!! You can move debug keystore file into project folder(app folder will be a good choice). So both developers have the same keystore easily.

Release vs debug build differences in Android

All,
we are facing a weird issue where our app is working fine in a debug build variant. But it is failing to execute properly on a release build variant.
The even weird thing is that if we set debuggable to true for the release build variant, it works fine. Proguard is disabled in both variants.
Im trying to understand what is the difference between the release and debug build variants in android. could you point me to any resources which helps me to understand the differences ?
Thank you
The following works. But if i remove the debuggable, it fails to work properly. Debug build always works.
buildTypes {
release {
debuggable true
signingConfig signingConfigs.release
}
debug {
signingConfig signingConfigs.debug
}
}
Maybe the problem is related to the signing of the apk. If you use debuggable true then your app is signed with a generic debug keystore and everything works correctly.
Conversely, if you remove it you have to provide
storeFile file("myreleasekey.keystore")
storePassword "password"
keyAlias "MyReleaseKey"
keyPassword "password"
More info here:
https://developer.android.com/studio/build/build-variants.html#build-types
Check if you have used anything like BuildConfig.DEBUG in your java files. That must be causing an issue.
I was once facing the same problem. I found that I was using a code like if(BuildConfig.DEBUG) { Toast(...); }. That was the problem for me. I changed it to if(!BuildConfig.DEBUG) { Toast(...); } which made my application to work in the release version of the application.

app-release-unsigned.apk is not signed

I downloaded the zip file of an Android app on github and I'm trying to run it, but I get a dialog with this message
app-release-unsigned.apk is not signed. Please configure the signing information for the selected flavor using the Project Structure dialog.
I'm using Android Studio.
What am I supposed to do?
If anyone wants to debug release build using Android Studio, follow these steps:
Set build variant to release mode.
Right click on app in left navigation pane, click Open Module Settings.
Go to Signing Tab. Add a signing config and fill in information. Select your keychain as well.
Go to Build Type tab. Select release mode and set:
-Debuggable to true.
-Signing Config to the config. (The one you just created).
Sync your gradle. Enjoy!
Make sure the build variant is set to debug (and not release) in Android Studio (check the build variants panel).
If set to debug, it should automatically sign the app with the auto-generated debug keystore, without editing the build scripts.
However you will need to create and configure a specific keystore for release.
Official documentation, covering debug and release modes: https://developer.android.com/tools/publishing/app-signing.html
Always sign your build using your build.gradle DSL script like this:
android {
signingConfigs {
debug {
storeFile file("debug.keystore")
}
myConfig {
storeFile file("other.keystore")
storePassword "android"
keyAlias "androidotherkey"
keyPassword "android"
}
}
buildTypes {
bar {
debuggable true
jniDebugBuild true
signingConfig signingConfigs.debug
}
foo {
debuggable false
jniDebugBuild false
signingConfig signingConfigs.myConfig
}
}
}
If you want to understand a little more of the Gradle build system associated to Android Studio just pay a visit to:
Gradle Plugin User Guide
If anyone wants to debug and release separate build variant using Android Studio 3.5, follow the below steps:
1. Set build variant to release mode.
Go to File >> Project Structure
Select Modules, then Signing Config
Click in the Plus icon under Signing Config
Select release section and Provide your release App Information then Apply and OK.
Go to your app level build.gradle and change your buildTypes > "release" section like below Screenshot.
Then Run your Project. Happy Coding.
I was successfully able to debug signed APK , Follow this procedure:-
Choose "release" version in "Build Variant" ToolBar
In the Build.gradle for the module set debuggable true for release build type
Go to File->Project Structure->under signing tab fill all info->Under Flavours
tab->Choose signing Config You just created
Set the breakpoints
Run the application in the debug mode
For gradle Kotlin dsl
signingConfigs {
create("releaseConfig") {
storeFile = file("your keystore file path")
storePassword = "storePassword"
keyAlias = "keyAlias"
keyPassword = "keyPassword"
}
}
buildTypes {
getByName("release") {
signingConfig = signingConfigs.getByName("releaseConfig")
isMinifyEnabled = true
isShrinkResources = true
proguardFiles(getDefaultProguardFile("proguard-android.txt"), "proguard-rules.pro")
}
}
signingConfigs should be before buildTypes
signingConfigs {
debug {
storeFile file("debug.keystore")
}
myConfig {
storeFile file("other.keystore")
storePassword "android"
keyAlias "androidotherkey"
keyPassword "android"
}
}
buildTypes {
bar {
debuggable true
jniDebugBuild true
signingConfig signingConfigs.debug
}
foo {
debuggable false
jniDebugBuild false
signingConfig signingConfigs.myConfig
}
}
if you want to run app in debug mode
1) Look at Left Side bottom, above Favorites there is Build Variants
2) Click on Build Variants. Click on release and choose debug
it works perfect !!!
The app project you downloaded may include a signed info in the file of build.gradle. If you saw codes like these:
buildTypes {
debug {
signingConfig signingConfigs.release
}
release {
signingConfig signingConfigs.release
}
}
you could delete them and try again.
My problem was solved by changing the build variant as suggested by Stéphane , if anyone was struggling to find the "Build variants" as I did here is a screenshot where you can find it .
For security reasons, you cannot install an unsigned apk on Android. So if you only have the unsigned apk: you must sign it. Here is how to do that : link
Note that you can sign the apk with a self-signed certificate.
An alternative can be either :
to download the signed apk if available.
to download the sources, compile them (with Android-Studio or gradle or ...). It will produce multiple apks and one of them will be signed with your debug-key (and so you will be able to install it)
How i solved this
This error occurs because you have set your build variants to release mode. set it to build mode and run project again.
If you want to run in release mode, just generate a signed apk the way we do it normally when releasing the app
In tool window bar select Build Variants
Change Build Variant from Release to Debug
My solution was to change the name of my signing config from the default "config" to "debug". To verify, I changed it to some other random name and got the error again, and then changed it back to "debug" and the error was gone. So while it seems artificial and I tend to not believe this is the whole story, give this solution a try.
i also appear this problem,and my code below
storeFile file(properties.getProperty("filepath"))
storePassword properties.getProperty("keypassword")
keyAlias properties.getProperty("keyAlias")
keyPassword properties.getProperty("keypassword")
the reason is property name error,it should be keyPassword not keypassword
What finally worked for me, and I have no idea why, is:
Went to LastPass (the service I use to keep all my passwords)
Select my password by putting the cursor on top of the password and double clicking
Once selected I press cmd C to copy
Went to Android study and cmd V to paste
Notice I did try to copy many times by selecting the password by clicking at the end of the password and selecting the password by moving the mouse.
It is strange but it only worked by double clicking on top of the password to copy it.
Also I did use the Open Module Settings > Signing... method explained by #NightFury on this post.
adding below lines of code in build.gradel file worked for me, add them under buildTypes block below release as shown
buildTypes {
release {
minifyEnabled false
proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
}
debug {
applicationIdSuffix ".debug"
debuggable true
}

Categories

Resources