I'm making aab file for releasing.
We're using flutter.
Last release is uploading signed apk file to google play store,but this time for we can't upload 32bit and 64bit apk separately, so we tried to use appbundle.
We do have signature when we release apk file.
And because the release operation(upload apk file to google play) is handled by other team, so I don't know whether I need to use a new signature for aab file's release.
Here is my setting,just the same with last time
signingConfigs {
release {
keyAlias keystoreProperties['keyAlias']
keyPassword keystoreProperties['keyPassword']
storeFile file(keystoreProperties['storeFile'])
storePassword keystoreProperties['storePassword']
}
}
buildTypes {
release {
// TODO: Add your own signing config for the release build.
// Signing with the debug keys for now, so `flutter run --release` works.
signingConfig signingConfigs.release
}
}
and I have key.properties file
storePassword=XXX
keyPassword=XXX
keyAlias=XXX
storeFile=O:\\sourceCode\\key\\key.keystore
And for release, I set build variant as release, as introduced in flutter official doc
simply "No" you don't need new signature to create app bundle. your old signature will work fine
Related
I am generating an APK file for the flutter app using:
flutter build apk
and it generates the following file:
build/app/outputs/flutter-apk/app-release.apk
I was always able to install this apk on my phone or any other phone to test it. But recently I started getting the following warning when installing the app:
And then when I tap "Continue", I get this error: "App not installed".
Since this error is new, I though maybe that's due to a change that I recently made. And the only change that could've affected the apk file is that I regenerated the key.jks file which is used to sing the apk file. That file is used in the android/build.gradle file:
signingConfigs {
debug {
storeFile file('key.jks')
storePassword '**********'
keyAlias 'androiddebugkey'
keyPassword '**********'
}
}
buildTypes {
debug {
signingConfig signingConfigs.debug
}
release {
// TODO: Add your own signing config for the release build.
// Signing with the debug keys for now, so `flutter run --release` works.
signingConfig signingConfigs.debug
}
}
What could be causing this error? I also tried "flutter clean" but that didn't help.
Currently, I sign the app in the following manner where keys are read from env in CI.
signingConfigs {
release {
storeFile file(System.getenv("ANDROID_KEYSTORE_PATH"))
storePassword System.getenv("KEYSTORE_PASSWORD")
keyAlias System.getenv("KEY_ALIAS")
keyPassword System.getenv("KEY_PASSWORD")
}
}
buildTypes {
release {
signingConfig signingConfigs.release
manifestPlaceholders = [excludeSystemAlertWindowPermission: "true"]
}
}
But this method will make the passwords available if someone decompiles the apk.
Is there a way by which keys are only used during the signing and then stripped from code and then uploaded to Play store?
Or if someone can point me to more secure ways of signing apk's?
This details doesn't get bundled in a apk file, so even if someone de-compiles your apk he wont get to see this.
You can alternatively use android studio to create a signed apk.
Check this link to see how it is done
I have trouble with updating the debug version of the app's apk:
Installation failed with message Failed to finalize session : INSTALL_FAILED_UPDATE_INCOMPATIBLE: Package [here our package] signatures do not match the previously installed version; ignoring
Two developers. Two PC's with same Android Studio versions (3.2.1). But when I try to install - have this, when the second developer make a debug apk with the same code (with git) it installs normally.
If I make an apk - it's an error occurred via an update of a version of the second developer on a different device (tester).
What I've tried already:
Restart Android Studio.
Clean and Rebuild.
Invalidate Caches and Restart.
Build apk and installed from the device. ("Application doesn't install" error occurred during update)
Increase versionCode.
The device is a Lenovo TB-X103F tablet on Android 6.0.1.
You need to use the same debug keystore. Your colleagues' keystore will be at:
Windows: C:\Users\USERNAME\.android\debug.keystore
Linux / Mac: ~/.android/debug.keystore
3 solutions are below in descending order of correctness:
In the long term, this should be configured inside your project, so that anyone with the project can sign the debug builds. This is done by configuring your build.gradle like so.
You can also set your signing config inside Android Studio, so you are not reliant on copying his file in the future. Here is how to set it.
You could also just replace your debug keystore in that location with your colleagues, so you are using the same config.
Different keystore files cause this warning. For the exact solution;
-Create your own keystore files for each build types.
-Define buildTypes and SigningConfigs in app level gradle file
like this:
signingConfigs {
release {
keyAlias '******'
keyPassword '******'
storeFile file('...\\release.jks')
storePassword '******'
}
debug {
keyAlias 'alias'
keyPassword '******'
storeFile file('...\\debug.jks')
storePassword '******'
}
}
buildTypes {
release {
lintOptions {
}
debuggable false
minifyEnabled true
proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
signingConfig signingConfigs.release
}
debug {
debuggable true
minifyEnabled false
signingConfig signingConfigs.debug
}
}
NOTE!!! You can move debug keystore file into project folder(app folder will be a good choice). So both developers have the same keystore easily.
I used android studio to generate sign APK (build->generate sign APK).
both V1 and V2 checkboxes were marked in the signature version.
To upload an APK via CI-CD, I am running assemleRelease cmd.
The problem is that the sign from assembleRelease is different (probably it's signed with V1 only).
How can I run assembleRelease to sign with the same signature as android studio (build->generate sign APK)?
my code:
android {
signingConfigs {
release {
storeFile file('../config/xx.jks')
Properties props = new Properties()
props.load(new FileInputStream(file("../local.properties")))
storePassword "password"
keyAlias "my-alias"
keyPassword "password"
v2SigningEnabled true
}
debug {
storeFile file("../Config/xx.keystore")
}
}
My mistake, The path from the studio linked to another key-store file (not the one the "storeFile file('../config/xx.jks')" linked to..
I've been developing my project in Eclipse IDE. The app is submitted on Play Store, and I've published a couple of versions updates successfully.
Recently I've migrated to Android Studio (and gradle, of course). I've done some changes to the project code base, including min and target sdk changes, but package name remains the same. The project is successfully compiled and debug app is successfully assembled and running ok.
But now I can not assemble a release version because of :
Keystore was tampered with, or password was incorrect
The keystore have not changed, and I do know it's password.
I've set signingconfigs in build.gradle:
android {
...
signingConfigs {
release {
storeFile file("keystore/motolife.keystore")
storePassword "***"
keyAlias "motolife"
keyPassword "***"
}
}
buildTypes {
release {
signingConfig signingConfigs.release
}
}
...
}
I've tried also to sign using jarsigner:
jarsigner -verbose -keystore keystore/motolife.keystore build/outputs/apk/motolife-new-debug.apk motolife
But no luck.
I've even installed gradle support for Eclipse and tried to assemble signed release app , but got the same "Keystore was tampered with, or password was incorrect" error.
try doing something like this then:
release {
storeFile file("keystoreName.keystore") //change value per signing
def pass = System.console().readPassword("\nPlease enter key password: ")
pass = new String(pass)
storePassword pass
keyAlias "revision3" //need to change these values per signing
keyPassword pass
}