Develop Reference

Azure devops pipeline to build and deploy my native Android application Google Play store or App Center as App Bundle

I need to setup Azure a devops pipeline to build and deploy my native Android application to Google Play store or App Center as App Bundle.
I could figure out to deploy an apk but need help to deploy app bundle(.aab). Any help would be appreciated.

Change the apkFiles to **/*.aab and pass the algorithms, -sigalg SHA256withRSA -digestalg SHA-256 as jarsignerArguments.
Like this:
- task: AndroidSigning#2
inputs:
apkFiles: '**/*.aab'
jarsign: true
jarsignerKeystoreFile: 'pathToYourKeystoreFile'
jarsignerKeystorePassword: '$(jarsignerKeystorePassword)'
jarsignerKeystoreAlias: '$(yourKeystoreAlias)'
jarsignerKeyPassword: '$(jarsignerKeyPassword)'
jarsignerArguments: '-sigalg SHA256withRSA -digestalg SHA-256'
zipalign: true

You can use the Google Play - Release Bundle task to deploy app bundle(.aab). After the Google play extension is installed in your azure devops organization. You can add Google Play - Release Bundle task in your pipeline and configure the bundleFile field to the location of the generated .aab bundleFile. See below.
- task: ms-vsclient.google-play.google-play-release-bundle.GooglePlayReleaseBundle#3
displayName: 'Release functionParam.ps1 to internal'
inputs:
serviceConnection: googleServiceEndPoint
applicationId: applicationId
bundleFile: **/*.aab
Check out below tutorial to create a pipeline for your Android application
Build, test, and deploy Android apps
Update:
You can sign aab bundle using jarsigner command in azure pipeline. You might need to use download secure file task to use your keystore_file if you upload it to secure file. For example run below jarsigner command in a powershell task:
jarsigner -verbose -sigalg SHA256withRSA -digestalg SHA-256 -keystore my_keystor_file.keystore -storepass 'super_secret_keystore_pass' -keypass 'super_secret_alias_password' my-app-bundle.aab myKeyStoreAlias
See this thread for more information.
You can also use Xamarin.Android build task. And pass below arguements in Additional arguments for the build to package and sign the App Bundle:
-restore -t:SignAndroidPackage -p:AndroidPackageFormat=aab -p:AndroidKeyStore=True -p:AndroidSigningKeyStore=$(keystore.secureFilePath) -p:AndroidSigningStorePass=$(KeystorePassword) -p:AndroidSigningKeyAlias=$(KeystoreAlias) -p:AndroidSigningKeyPass=$(KeystorePassword)
See here for more information.

Google sign in error Status{statusCode=DEVELOPER_ERROR, resolution=null}

I am integrating gmail login in my android application by following this thread :
https://developers.google.com/identity/sign-in/android/sign-in?configured=true
But I am getting error as :
Status{statusCode=DEVELOPER_ERROR, resolution=null}
I looked through this status code documentation here :
https://developers.google.com/android/reference/com/google/android/gms/common/ConnectionResult.html#DEVELOPER_ERROR
Above link does not help to diagnose the problem,
I have created the debug keystore file, & generated SHA-1 using keytool, also in Google developer console, I added package name as it is in manifest file or gradle file.
But all seems to fail can anybody tell me what does this error code suggest what may go wrong ?

Problem was SHA1 mismatch,
1] First Keystore File : I solved the error, problem was while building apk Android studio was taking default keystore file which was located inside C:\Users\<LOGGED_IN_USER_NAME>\.android\debug.keystore
2] Second Keystore File : Also I created one other keystore file which was located at different directory i.e. app/keystore/debug.keystore
While configuring the google developer console to integrate gmail login within app I gave sha-1 key generated through second keystore file above, the studio while building the apk file taking other keystore file hence sha-1 key mismatch was happening.
In order to take my keystore file located # app/keystore/debug.keystore I configured gradle file at app level with following code :
signingConfigs {
debug {
storeFile file('keystore/debug.keystore')
keyAlias 'androiddebugkey'
keyPassword 'android'
storePassword 'android'
}
/*
release {
storeFile file('release.keystore')
storePassword "mystorepassword"
keyAlias "mykeyalias"
keyPassword "mykeypassword"
}
*/
Now the generated apk sha-1 signature matches with the sha-1 key configured on google developer console for your app.
One note : Always use debug.keystore for debugging the gmail integration (At the time of development).
Refs :
For gmail integration :
https://developers.google.com/identity/sign-in/android/start-integrating
To see which sha-1 is getting used for your application see this stackoverflow thread :
SHA-1 fingerprint of keystore certificate

For anyone who is using React Native Google Signin and Firebase, try this.
Step 1: Get the SHA-1 of your Android Developer Debug Keystore
keytool -exportcert -list -v -alias androiddebugkey -keystore ~/.android/debug.keystore
The password is android. Copy the SHA-1 value, which will look something like this in the output:
Certificate Fingerprints
....
SHA1: aa:bb:cc:dd:ee:ff:11:22:33:44:47:D0:9E:8D:E0:0C:79:F1:0F:CB
Step 2: Add the SHA to the Android App in the Firebase Console
Now open up your Android App in the Firebase console and add the SHA-1:

For react native app google login I followed following steps and it worked
Setup app in firebase console for iOS/Android on the following link
https://console.firebase.google.com/
Download GoogleService-Info.plist for iOS and google-services.json for Android
Don't forget to set SHA certificate fingerprints SHA1 for android setup. It's mandatory to work with Android.
Then copy Web client (auto created by Google Service) from OAuth 2.0 client IDs from following URL to access Google developer console
https://console.developers.google.com/
After doing all of these steps in firebase developer console and Google developer console
move to your code
Open your .js file from where you provide an option to login via Google.
In componentDidMount place following code
GoogleSignin.configure({
iosClientId: Constants.GOOGLE_LOGIN_CLIENT_ID_IOS,
webClientId: Constants.GOOGLE_WEB_CLIENT_ID,
offlineAccess: false
});
or you can create a separate method like this and call it in componentDidMount to configure GoogleSignIn
async setupGoogleSignin() {
try {
await GoogleSignin.hasPlayServices//({ autoResolve: true });
await GoogleSignin.configure({
iosClientId: Constants.GOOGLE_LOGIN_CLIENT_ID_IOS,
webClientId: Constants.GOOGLE_WEB_CLIENT_ID,
offlineAccess: true
});
const user = await GoogleSignin.currentUserAsync();
console.log("user from google sin in", user);
} catch (err) {
console.log("Google signin error", err.code, err.message);
}
}
After configuring GoogleSignIn you can call the following method on the press of GoogleSignInButton
googleAuth() {
GoogleSignin.signIn()
.then(user => {
console.log("user==", user);
console.log("user name = ", user.user.email);
console.log("accessTOken = ", user.accessToken);
this.props.socialMediaLogin( // this is my method that I call on successful authentication
user.user.id,
user.user.name,
user.user.givenName,
user.user.familyName,
user.user.email,
user.user.photo,
"GOOGLE",
user.accessToken
);
})
.catch(err => {
console.log("WRONG SIGNIN", err);
})
.done();
}

I just unblocked myself after struggling with this for almost 6 hours and here are my findings.
Please make sure the following:
Correct package name in Google Developer console. (Don't go with just the package name from AndroidManifest.xml. Inspect the Gradle files to see if you flavor name is being changed dynamically when building).
Generate Sha-1 Hash at the correct keystore location. (I was going with default keystore location ~/.android/debug.keystore but found out that my app was overriding with another location in the repository and hence, i was getting developer_error all along.)
PS: In case of your app uses backend server to pull data offline, create the project from the Google sign-in flow since this will generate OAuth Client id's for both Android and WebServer.

For Windows
For windows use this keytool -exportcert -list -v -alias androiddebugkey -keystore C:\Users[YOUR WINDOWS USER NAME].android\debug.keystore
Like this
keytool -exportcert -list -v -alias androiddebugkey -keystore "Your debug.keystore" Path
keytool -exportcert -list -v -alias androiddebugkey -keystore C:\Users\keshav.gera.android\debug.keystore
keytool -exportcert -list -v -alias androiddebugkey -keystore E:\HNSetup2\healthnickel\HealthNickel\android\app\debug.keystore
Password is :- android
ass your SHA1 Here Firebase Console
Note ===> update your google-service.json file in your app folder Please update

My problem was the SHA1 key in the developer console didn't match the one generated from my debug.keystore file. Run
keytool -exportcert -keystore path-to-debug-or-production-keystore -
Copy the SHA1 key and paste it into the developer console (console.developers.google.com) under your app > credentials > OAuth 2.0 client IDs > Oauth > Signing-certificate fingerprint

Another thing to watch is that newer versions of keytool (eg for Java 9) will generate a SHA-256 value, not SHA-1.

For Ionic apps with a native GoogleSignIn plug-in, try setting "Application type" to "Web application" instead of "Android" when creating the "OAuth client ID" in the Google Cloud Console.
This solved it for my Ionic capacitor app when using the #codetrix-studio/capacitor-google-auth plug-in.

In my case I was using the wrong SHA-1
In my case I was using this
keytool -exportcert -list -v -alias androiddebugkey -keystore ~/.android/debug.keystore
for SHA-1.
When I used this
keytool -exportcert -list -v -alias androiddebugkey -keystore ~/.android/debug.keystore
and pasted the SHA-1 in firebase console it worked

Why Google don't use jarsigner to sign apk?

In the Android source code project , I found that ADT doesn't use jarsigner to sign a APK, as:
jarsigner -sigalg MD5withRSA -digestalg SHA1 -keystore *pathtokey* -storepass *yourpass* -keypass *yourpass* *app.apk* *keyalias*
or
String args[] = {"-keystore", keystore, "-storepass", password, jar, keyname};
JarSigner js = new JarSigner();
js.run(args);
, ADT will read the keystore and sign the apk by coding, It's really confusing me.

Maybe at the time it was just sun.security.* implementation available and they did not want to import sun.* packages to Android source. So they created own signer implementation.
http://grepcode.com/file/repository.grepcode.com/java/root/jdk/openjdk/6-b14/sun/security/tools/JarSigner.java

"Wrong version of key store" error. How can I create a version=1 keystore certificate?

I am having trouble using SSL, as I am getting the following error related to my keystore (self-created and self-signed using keytool per: http://developer.android.com/tools/publishing/app-signing.html):
08-14 20:55:23.044: W/System.err(5430): java.io.IOException: Wrong
version of key store. 08-14 20:55:23.060: W/System.err(5430): at
org.bouncycastle.jce.provider.JDKKeyStore.engineLoad(JDKKeyStore.java:812)
...
The error thrown in the JDKKeyStore.java class arises in the following code:
Blockquote
From JDKKeyStore.java:
if (version != STORE_VERSION)
{
if (version != 0)
{
throw new IOException("Wrong version of key store.");
}
}
Blockquote
In this case STORE_VERSION = 1, and my version=3 based on reading the details of the certificate held by the keystore I have created. I do not know how to generate a keystore containing a version=1 certificate.
I found this answer helpful:
wrong version keystore when doing https call
however it calls for creating the keystore using the following parameters:
-storetype BKS
-provider org.bouncycastle.jce.provider.BouncyCastleProvider
-providerpath /path/to/bouncycastle.jar
However, when I try to create the keytool (using the terminal app on Mac) using these parameters:
keytool -genkeypair -v -alias androiddebugkey -keyalg RSA -keysize
2048 -validity 10000 -keypass android -keystore
/Users/djames/dropbox/bc146keystore/debug.keystore -storepass android
-providerclass org.bouncycastle.jce.provider.BouncyCastleProvider –providerpath /Users/djames/dropbox/bc146keystore/
(where /Users/djames/dropbox/bc146keystore/ is the path to the bouncy castle jar: bcprov-jdk16-146.jar)
I get the following error:
keytool error: java.lang.RuntimeException: Usage error, ?providerpath
is not a legal command java.lang.RuntimeException: Usage error,
?providerpath is not a legal command at
sun.security.tools.KeyTool.parseArgs(KeyTool.java:375) at
sun.security.tools.KeyTool.run(KeyTool.java:171) at
sun.security.tools.KeyTool.main(KeyTool.java:166)
I do not understand what this is telling me. If I use: keytool -help it tells me that the following are valid options for the -genkeypair option:
-genkeypair [-v] [-protected]
[-alias ]
[-keyalg ] [-keysize ]
[-sigalg ] [-dname ]
[-validity ] [-keypass ]
[-keystore ] [-storepass ]
[-storetype ] [-providername ]
[-providerclass [-providerarg ]] ...
[-providerpath ]
But in the Oracle docs java version 6 that I am using
(http://docs.oracle.com/javase/6/docs/technotes/tools/solaris/keytool.html)
it tells me that these are the options:
-genkeypair {-alias alias} {-keyalg keyalg} {-keysize keysize} {-sigalg sigalg} [-dname dname] [-keypass keypass] {-validity valDays}
{-storetype storetype} {-keystore keystore} [-storepass storepass]
{-providerClass provider_class_name {-providerArg provider_arg}} {-v}
{-protected} {-Jjavaoption}
which does not include the -providerpath option. Why the discordance?
(If I do not use the -providerpath option, then I get an unknown class exception at the option: "-providerclass org.bouncycastle.jce.provider.BouncyCastleProvider"...)
When I google: keytool -providerpath
I get nothing helpful to resolve this.
I am not sure how to solve my keystore version problem without solving my keytool problem. Any suggestions appreciated.
Jim
(Mac OSX 10.6.8 if relevant)

My problem was using a version of bouncy castle that was too new. I had to use 146 - any later and it gave me this error.

I was able to get past this problem with the version of keystore. see: keytool error when creating BKS keystore: providerpath is not a legal command

The version mismatch is for the key store version, not the certificate version (which should have the value 2 for a v3 X.509 certificate).
What version of the JDK did you use keytool from? Did you specify a full path to the command, or use what was in your PATH? Are you sure that you are using JKS key stores, and not JCEKS stores?

In order to complete Ryan answer as I had to dig in to find out how to generate a BKS with Bouncy Castle 1.46, you can use Portecle to generate the BKS.
Download Boucycastle Provider 1.46
Install or unzip it.
Replace bcprov.jar in your Portecle install directory (example: C:\Program Files (x86)\Portecle\bcprov.jar). Same naming is required.
Restart Portecle and generate your BKS truststore.
This explained here.
Edit:
Since Portecle 1.8, you can use BKS-V1 type to generate your truststore without to replace bcprov.jar.
You can select it after clicking on New keystore or change the type via the menu Tools -> Change KeyStore Type.

How can I create a keystore?

What are the steps to create a keystore for android?
I need to use google maps in my app and I don't know what steps I missed.
Please provide me with the specific detailed steps (I didn't understand it from the guides).

To answer the question in the title, you create a keystore with the Java Keytool utility that comes with any standard JDK distribution and can be located at %JAVA_HOME%\bin. On Windows this would usually be C:\Program Files\Java\jre7\bin.
On Windows, open a command window and switch to that directory. On Linux type OS do the same with a terminal. Then run:
keytool -genkey -v -keystore my-release-key.keystore -alias alias_name -keyalg RSA -keysize 2048 -validity 10000
Keytool prompts you to provide passwords for the keystore, provide the Distinguished Name fields and then the password for your key. It then generates the keystore as a file called my-release-key.keystore in the directory you're in. The keystore and key are protected by the passwords you entered. The keystore contains a single key, valid for 10000 days. The alias_name is a name that you — will use later, to refer to this keystore when signing your application.
For more information about Keytool, see the documentation at: http://docs.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html
and for more information on signing Android apps go here: http://developer.android.com/tools/publishing/app-signing.html

Signing Your App in Android Studio
To sign your app in release mode in Android Studio, follow these steps:
1- On the menu bar, click Build > Generate Signed APK.
2-On the Generate Signed APK Wizard window, click Create new to create a new keystore.
If you already have a keystore, go to step 4.
3- On the New Key Store window, provide the required information as shown in figure
Your key should be valid for at least 25 years, so you can sign app updates with the same key through the lifespan of your app.
4- On the Generate Signed APK Wizard window, select a keystore, a private key, and enter the passwords for both. Then click Next.
5- On the next window, select a destination for the signed APK and click Finish.
referance
http://developer.android.com/tools/publishing/app-signing.html

I was crazy looking how to generate a .keystore using in the shell a single line command, so I could run it from another application. This is the way:
echo y | keytool -genkeypair -dname "cn=Mark Jones, ou=JavaSoft, o=Sun, c=US" -alias business -keypass kpi135 -keystore /working/android.keystore -storepass ab987c -validity 20000
dname is a unique identifier for the application in the .keystore
cn the full name of the person or organization that generates the .keystore
ou Organizational Unit that creates the project, its a subdivision of the Organization that creates it. Ex. android.google.com
o Organization owner of the whole project. Its a higher scope than ou. Ex.: google.com
c The country short code. Ex: For United States is "US"
alias Identifier of the app as an single entity inside the .keystore (it can have many)
keypass Password for protecting that specific alias.
keystore Path where the .keystore file shall be created (the standard extension is actually .ks)
storepass Password for protecting the whole .keystore content.
validity Amout of days the app will be valid with this .keystore
It worked really well for me, it doesnt ask for anything else in the console, just creates the file. For more information see keytool - Key and Certificate Management Tool.

Create keystore file from command line :
Open Command line:
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved
// (if you want to store keystore file at C:/ open command line with RUN AS ADMINISTRATOR)
C:\Windows\system32> keytool -genkey -v -keystore [your keystore file path]{C:/index.keystore} -alias [your_alias_name]{index} -keyalg RSA -keysize 2048 -validity 10000[in days]
Enter > It will prompt you for password > enter password (it will be invisible)
Enter keystore password:
Re-enter new password:
Enter > It will ask your detail.
What is your first and last name?
[Unknown]: {AB} // [Your Name / Name of Signer]
What is the name of your organizational unit?
[Unknown]: {Self} // [Your Unit Name]
What is the name of your organization?
[Unknown]: {Self} // [Your Organization Name]
What is the name of your City or Locality?
[Unknown]: {INDORE} // [Your City Name]
What is the name of your State or Province?
[Unknown]: {MP} //[Your State]
What is the two-letter country code for this unit?
[Unknown]: 91
Enter > Enter Y
Is CN=AB, OU=Self, O=Self, L=INDORE, ST=MP, C=91 correct?
[no]: Y
Enter > Enter password again.
Generating 2,048 bit RSA key pair and self-signed certificate (SHA256withRSA) with a validity of 10,000 days
for: CN=AB, OU=Self, O=Self, L=INDORE, ST=MP, C=91
Enter key password for <index> (RETURN if same as keystore password):
Re-enter new password:
[ Storing C:/index.keystore ]
And your are DONE!!!
Export In Eclipse :
Export your android package to .apk with your created keystore file
Right click on Package you want to export and select export
Select Export Android Application > Next
Next
Select Use Existing Keystore > Browse .keystore file > enter password > Next
Select Alias > enter password > Next
Browse APK Destination > Finish
In Android Studio:
Create keystore [.keystore/.jks] in studio...
Click Build (ALT+B) > Generate Signed APK...
Click Create new..(ALT+C)
Browse Key store path (SHIFT+ENTER) > Select Path > Enter name > OK
Fill the detail about your .jks/keystore file
Next
Your file
Enter Studio Master Password (You can RESET if you don't know) > OK
Select *Destination Folder * > Build Type
release : for publish on app store
debug : for debugging your application
Click Finish
Done !!!

This tutorial:
“sign-your-android-applications-for.html”
Archived here:
https://web.archive.org/web/20181002011446/http://techdroid.kbeanie.com/2010/02/sign-your-android-applications-for.html
was very helpful for me the first time I had to create a keystore. It is simple but the instructions on developer.android.com are a little too brief.
The part I was unsure about was where to save and what name to give the keystore file.
I seems it doesn't matter where you put it just be sure to keep it safe and keep a number of backups.
I just put it in my app directory
Name the file "something.keystore" where something can be whatever you want. I used app_name.keystore, where app_name was the name of my app.
The next part was what to name the alias. Again it doesn't seem to matter so again I just used the app_name again. Keep the passwords the same as you used before. Fill out the rest of the fields and you are done.

Use this command to create debug.keystore
keytool -genkey -v -keystore ~/.android/debug.keystore -alias androiddebugkey -storepass android -keypass android -keyalg RSA -keysize 2048 -validity 10000 -dname "CN=Android Debug,O=Android,C=US"

I followed this guide to create the debug keystore.
The command is:
keytool -genkeypair -alias androiddebugkey -keypass android -keystore debug.keystore -storepass android -dname "CN=Android Debug,O=Android,C=US" -validity 9999

First thing to know is wether you are in Debug or Release mode. From the developer site "There are two build modes: debug mode and release mode. You use debug mode when you are developing and testing your application. You use release mode when you want to build a release version of your application that you can distribute directly to users or publish on an application marketplace such as Google Play."
If you are in debug mode you do the following ...
A. Open terminal and type:
keytool -exportcert -alias androiddebugkey -keystore path_to_debug_or_production_keystore -list -v
Note: For Eclipse, the debug keystore is typically located at ~/.android/debug.keystore...
B. when prompted for a password simply enter "android" ...
C. If you are in Release mode follow the instructions on...
http://developer.android.com/tools/publishing/app-signing.html <-- this link pretty much explains everything you need to know.

based on #EliuX answer, Latest tools compatible with app bundle
echo y | keytool -genkey -keystore ./android.jks -dname "n=Mark Jones, ou=JavaSoft, o=Sun, c=US" -alias android -keypass android -storepass android -keyalg RSA -keysize 2048 -validity 2000
For your build.gradle
signingConfigs {
debug {
storeFile file('android.jks')
keyAlias 'android'
keyPassword 'android'
storePassword 'android'
}
}

You can create your keystore by exporting a signed APK. When you will try to export/build a signed APK, it will ask for a keystore.
You can choose your existing keystore or you can easily create a new one by clicking create new keystore
Here a link very useful and well-explained of how to create your keystore and generate a signed APK
THis link explained how to do it with Android Studio, but if I remember, it is pretty similar on Eclipse
WATCH OUT
Once you generate your keystore, keep it somewhere safe because you will need it to regenerate a new signed APK.
How do I export a project in the Android studio?

I'd like to suggest automatic way with gradle only
** Define also at least one additional param for keystore in last command e.g. country '-dname', 'c=RU' **
apply plugin: 'com.android.application'
// define here sign properties
def sPassword = 'storePassword_here'
def kAlias = 'keyAlias_here'
def kPassword = 'keyPassword_here'
android {
...
signingConfigs {
release {
storeFile file("keystore/release.jks")
storePassword sPassword
keyAlias kAlias
keyPassword kPassword
}
}
buildTypes {
debug {
signingConfig signingConfigs.release
}
release {
shrinkResources true
minifyEnabled true
useProguard true
signingConfig signingConfigs.release
proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
}
}
...
}
...
task generateKeystore() {
exec {
workingDir projectDir
commandLine 'mkdir', '-p', 'keystore'
}
exec {
workingDir projectDir
commandLine 'rm', '-f', 'keystore/release.jks'
}
exec {
workingDir projectDir
commandLine 'keytool', '-genkey', '-noprompt', '-keystore', 'keystore/release.jks',
'-alias', kAlias, '-storepass', sPassword, '-keypass', kPassword, '-dname', 'c=RU',
'-keyalg', 'RSA', '-keysize', '2048', '-validity', '10000'
}
}
project.afterEvaluate {
preBuild.dependsOn generateKeystore
}
This will generate keystore on project sync and build
> Task :app:generateKeystore UP-TO-DATE
> Task :app:preBuild UP-TO-DATE

If you don't want to or can't use Android Studio, you can use the create-android-keystore NPM tool:
$ create-android-keystore quick
Which results in a newly generated keystore in the current directory.
More info: https://www.npmjs.com/package/create-android-keystore