I face a problem when trying to install debug type .apk file over another one on my device. I have an app with versionCode=n already installed. When I try to install the same app with versionCode=n+1 i get an error.
Here is the message after i call the command adb install xxx.apk
failed to install xxx.apk: Failure
[INSTALL_FAILED_UPDATE_INCOMPATIBLE: Package xxx signatures do not
match the previously installed version; ignoring!]
All my .apk files are signed with Android debug keystore. It is confirmed by command jarsigner -verify -verbose -certs xxx.apk that gives me next message:
Signed by "C=US, O=Android, CN=Android Debug"
Digest algorithm: SHA-256
Signature algorithm: SHA256withRSA, 2048-bit key
jar verified.
These .apk files are built via TeamCity CI that just calls assembleDebug command.
It is very strange because I can update release APK files built by CI easily. This problem occurs only in case of debug builds.
Do you have any idea about this?
Thanks in advance
Each debug build of your android application will be signed with the debug keystore.
This is a problem because in continous integration environments, like travis-ci or docker, the debug keystore is regenerated on each creation of the environment.
This means if someone has a debug version of your application, they won't be able to upgrade to a more recent version, because the keystores will be different.
Credits to: https://newfivefour.com/android-debug-build-constant-signed-keystore.html
Also to compare if two apks are signed with the same key:
check: How do I find out which keystore was used to sign an app?
Related
I have an apk using eclipse ADT and old keystore.
now app update on google play store requires using App Signature Scheme v2 and target API 30.
is there a way I can do to create a keystore signature scheme v2 file, without having to migrate my app from Eclipse ADT to Android Studio.
Thanks.
I am using this as a quick fix hack
after the zipalign step is done :
zipalign -v 4 HelloWorld-release-unsigned.apk HelloWorld.apk
I have followed this extra step:
apksigner sign --ks app.keystore --v1-signing-enabled true --v2-signing-enabled true HelloWorld.apk
Please note : use the same password you used for the keystore file.
So now you can upload your .apk file or .aab file to play store
With the help of this answer I managed to sign my Eclipse Android project with signature scheme v2. I am running Eclipse under Ubuntu.
Right click on the project and select Android Tools -> Export Unsigned Application Package...
Specify the destination of the unsigned apk file.
In the console execute this: zipalign -f 4 unsigned.apk signed.apk
and this: apksigner sign -ks path_to_keystore_file --v1-signing-enabled true --v2-signing-enabled true signed.apk
Enter the password for the keystore.
Enter the password for the signer.
zipalign and apksigner I installed before with sudo apt install zipalign apksigner.
I am using Eclipse for Android Developers with version "Oxygen Release Milestone 2 (4.7.0 M2) Build id: 20160922-0846".
After build for release -> jarsigner -> zipalign,
I just need these scripts. To sign the apk with APK Signature Scheme v2:
apksigner sign --ks yourkeystore.keystore yourapk.apk
To verify the signing
apksigner verify -v yourapk.apk
Trying to install application with ADB on physical device connected via USB:
adb -s ce06160684b99a0902 install E:\D\android\MQTT\app\debug\app-debug.apk
Got error:
E:\D\android\MQTT\app\debug\app-debug.apk: 1 file pushed. 4.0 MB/s (3747450 bytes in 0.903s)
pkg: /data/local/tmp/app-debug.apk
Failure [INSTALL_PARSE_FAILED_NO_CERTIFICATES]
I was generated application via Build->Generate Signed Bundle/APK -> APK and entered key data:
I suppose this procedure generates certificate? How to fix this problem?
It is trying to install app-debug.apk whereas the signed apk name is app-release.apk . What code are you using to install the apk to your device? Also try adding this certificate through
Project Structure -> Default Config -> Signing Config
For both debug and release if required.
According to documentation (Sign your debug build), you don't have to explicitly sign your app-debug.apk, it's done automatically. It uses a specific keystore, generated for you, under $HOME/.android/debug.keystore.
So you only need to click the play button, with your device selected in the drop-down list, as described here.
You could also click on Rebuild Project instead of Generate Signed Bundle / APK, and manually upload it to device with your adb command.
Our team decided to upgrade our react-native version from 0.59.x to 0.61.5. We have so many difficulty upgrading it so we decide to start a new repo from fresh (npx react-native init appName) and copy over our code.
After we make sure the app are running both on Android and ios simulator. We use the same scripts to build the .aab file and upload to Google Play Console. But Google Play Console won't let us. This is the error message shown:
Upload failed
You uploaded an APK with an invalid signature (learn more about
signing). Error from apksigner:
There is no other error message after "apksigner:" so I am pretty sure it is a different problem than other similar questions on stack overflow.
I am also sure that we are using the same keystore file
Below is how we build our .aab file
curl "http://localhost:8081/index.bundle?platform=android" -o "android/app/src/main/assets/index.android.bundle"
cd $REPO_PATH/android
./gradlew bundleRelease
cd ..
# sign the aab
jarsigner -sigalg SHA1withRSA -digestalg SHA1 -keystore ~/my-release-key.keystore $REPO_PATH/android/app/build/outputs/bundle/release/app.aab traytAndroidKey
# zipalign the aab and output it to another file
$HOME/Library/Android/sdk/build-tools/28.0.3/zipalign -f -v 4 $REPO_PATH/android/app/build/outputs/bundle/release/app.aab $REPO_PATH/android/app/build/outputs/bundle/release/app-release-signed-aligned-$VERSION_CODE.aab
Please help :(
It seems that you are uploading an AAB and not an APK.
AABs don't need to be zip-aligned.
Try only signing with jarsigner.
Also, try verifying the signature with jarsigner too.
After following the procedure in Signing your APP with the ADT plugin for Eclipse, I verified manually the signed apk (described below in the same page) with:
$ jarsigner -verify -verbose -certs my_application.apk
And every entry was signed properly [s and sm], but at the end this showed up:
Warning:
This jar contains entries whose certificate chain is not validated.
This jar contains signatures that does not include a
timestamp. Without a timestamp, users may not be able to validate this
jar after the signer certificate's expiration date (2040-01-01) or
after any future revocation date.
Is it better for apks uploaded to Goggle Play to have the jar (apk)'s entries with a validated "certificate chain" and with the signatures with a timestamp?... Why (and why doesn't the Export procedure achieve this)?
If it is better, what do I need to do?
The zipalign suggested at the end of that page:
$ zipalign -v 4 your_project_name-unaligned.apk your_project_name.apk
Verified everything successfully.
You're probably using the Java 7 tools. If you install and use the Java 6 tools this will go away.
i am trying to install my .apk file to emulator but it is giving me error.
subh#subh:~/subh/droidbox/android-sdk-linux/platform-tools$ ./adb -s emulator-5554 install /home/subh/subh/androidapp/HelloAndroid/bin/HelloAndroid-release-unsigned.apk
11 KB/s (2919 bytes in 0.245s)
pkg: /data/local/tmp/HelloAndroid-release-unsigned.apk
Failure [INSTALL_PARSE_FAILED_NO_CERTIFICATES]
then i used jarsigner to sign the .apk
subh#subh:~/subh/androidapp/HelloAndroid/bin$ jarsigner -verify -verbose -certs HelloAndroid-release-unsigned.apk
s = signature was verified
m = entry is listed in manifest
k = at least one certificate was found in keystore
i = at least one certificate was found in identity scope
no manifest.
jar is unsigned. (signatures missing or not parsable)
subh#subh:~/subh/androidapp/HelloAndroid/bin$
but still i have problem of certificate.
The second command seems to give an error. Can you try cleaning your project in Eclipse and creating a new APK?
I got the answer .apk need to be signed before we want to release it.
In case of ant we have two modes debug and release.
# ant debug
this will automatically generate keypair and signed the .apk for us for the debug purpose.
#ant release
this will require to specify keystore in build.xml.
for more details http://developer.android.com/guide/developing/building/building-cmdline.html
http://developer.android.com/guide/publishing/app-signing.html