I created a new Flutter project and I built a release APK flutter build apk without creating a release Android keystore.
Which keystore did the Flutter use to build a release APK by default?
I just found out the answer from Android app Gradle.
Flutter signs a release build using debug keys by default.
This line of comments found in android/app/build.gradle are very self explanatory.
buildTypes {
release {
// TODO: Add your own signing config for the release build.
// Signing with the debug keys for now, so `flutter run --release` works.
signingConfig signingConfigs.debug
}
}
Related
I need to have 3 different APKs (dev, UAT, prod), each targetting different Firebase database. But on each Firebase project, I need to supply a permanent app id. That means I need to have 3 build variants that each deploying APK with different app id. But on Android Studio, I seem can't find such a way to build variants for Flutter for this purpose (the build variants section is empty).
What I'm looking for is not just a different entry point and different constants, but different app id altogether. From what I gather, changing app name and app id in Flutter requires 6-steps like this. I don't think doing these 6-steps each time I want to change build scope is an efficient and correct way to handle this.
In Flutter, you should select build flavors instead of build variants (combination of build flavor and build type). Flutter run has a --flavor option, but not buildType.
Specify build flavors:
In build.gradle below defaultConfig {}:
android {
...
buildTypes {
release {
// TODO: Add your own signing config for the release build.
// Signing with the debug keys for now, so `flutter run --release` works.
signingConfig signingConfigs.debug
}
debug {
applicationIdSuffix ".debug" // Optional, you don't need to create a separate applicationId for debug.
signingConfig signingConfigs.debug
}
}
flavorDimensions "default"
productFlavors {
dev {
applicationIdSuffix ".dev"
}
qa {
applicationIdSuffix ".qa"
}
prod {
}
}
}
Run your Flutter app with specific build flavor:
On the command line: use flutter run --flavor flavorName, or
In Android Studio: Run/debug configuration Drop Down → Edit Configuration... → Additional run args: → Add --flavor dev or --flavor qa or --flavor prod
Confirm the applicationId has changed. I use package_info_plus for this:
Add package_info_plus: ^1.0.4 to pubspec.yaml
Add the code somewhere:
PackageInfo.fromPlatform().then((PackageInfo packageInfo) {
print("Package name: ${packageInfo.packageName}");
});
The packageName will have both the build flavor and build type. In my case, because of applicationIdSuffix in both buildTypes and productFlavors, com.example.dev.debug. You could remove applicationIdSuffix ".debug" if you don't need/ want it.
Now we can have separate build flavor directories with their own google-services.json.
I am running into the following message when attempting to upload my APK as an alpha release on Google Play.
'You uploaded a debuggable APK. For security reasons you need to disable debugging before it can be published in Google Play.'
In my gradle I have configured the signing config and build type(s) as follows:
signingConfigs {
release {
storeFile file("PATH TO KEY STORE")
storePassword "STORE PASSWORD"
keyAlias "ALIAS"
keyPassword "PASSWORD"
}
}
buildTypes {
release {
minifyEnabled false
proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
signingConfig signingConfigs.release
testCoverageEnabled true
debuggable false
}
debug { testCoverageEnabled true }
}
Furthermore, I've verified using jarsigner that my APK was signed and that the CN does not contain CN=Android Debug.
The manifest for the APK does not contain the attribute android:debuggable.
The application I've built is a Kotlin application with the following dependencies:
Android Support v13 27.0.2
Android Support Annotations 27.0.2
Android Support Constraint Layout 1.0.2
Junit 4.12
Mockito 2.15.0
Robolectric 3.7
Android Support Test Runner 1.0.1
Android Support Test Espresso Core 3.0.1
I've attempted to upload the APK generated via gradle command line (i.e., gradle build) as well as the APK generated from the IDE using Build, Generate
Signed APK, and I've ensured that the release variant is selected when building from the IDE and gradle before attempting to upload to Google Play.
Finally, I've attempted this with multiple keystores (creating a new one thinking that perhaps my first one was invalid), and still I cannot upload my APK. To clarify, this is the first apk upload. No prior version exists on Google Play.
Is one of the support libraries leading to this issue, or is there something I have missed?
I discovered the issue.
It seems an APK with test coverage enabled is considered debuggable.
After removing the line
testCoverageEnabled true
from my release build type, I was able to upload my APK.
Newbie with Bamboo trying to produce .apk for android application.
I have done the checkout and gradlew build tasks for default job, so the download and build process is fine.
What I need is to be able to produce signed .apk file and deliver it in someway to other part of our team.
Thinking about modify the gradle script to produce signed .apk with keystore/password and so, but not sure how to configure Bamboo to serve the .apk.
Any help much appreciated.
Building a signed APK is a function of your Gradle build script and not Bamboo. Based on the information available here, this is how I build a signed APK using Gradle. The information under the "Signing Your App in Android Studio" section is particularly helpful to create the keystore and the key necessary to sign the APK.
// APK signing configuration
android.signingConfigs {
MobileApp {
storeFile file("${rootDir}/TempKeyStore.jks")
storePassword "********"
keyAlias "********"
keyPassword "********"
}
}
// Build types - debug and release both use signing config above to
// sign the resultant APKs
android.buildTypes {
debug {
signingConfig android.signingConfigs.MobileApp
}
release {
signingConfig android.signingConfigs.MobileApp
}
}
Once you have your Gradle build script configured to build a signed APK, Bamboo can be easily configured to run your Gradle build script.
I'm new to Android Studio and running a debug build on a device is working fine, however to test in app purchasing (and obviously to release) I need a release build signed with the normal key. I can make an APK using Build -> Generate signed APK, however the package name seems to be incorrect. Here's my build file:
apply plugin: 'android'
android {
compileSdkVersion 19
buildToolsVersion "19.0.1"
defaultConfig {
minSdkVersion 8
targetSdkVersion 9
testPackageName "com.company.common.common"
testInstrumentationRunner "android.common.InstrumentationTestRunner"
}
signingConfigs {
releaseConfig {
storeFile file("filname")
storePassword "password"
keyAlias "alias"
keyPassword "password"
}
}
buildTypes {
debug {
packageNameSuffix ".debug"
}
release {
runProguard false
proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.txt'
signingConfig signingConfigs.releaseConfig
}
}
productFlavors {
Flavor1 {
packageName "com.company.test"
}
}
}
dependencies {
// some dependencies
}
Note the package name overridden in the flavor. That flavor has no manifest; the only manifest is under main, and specifies a package of com.company.common. If I use Android to create a com.company.test APK and install it on a device, then generate an APK from Android Studio and install it, I end up with two apps on the device rather than the second replacing the first. This indicates that the package names are different, I assume because Android Studio is producing an APK with a package of com.company.common. Not sure how to verify that though.
When I just build the project, I get a debug APK but no release APK. How do I get a release APK with the correct package name? I just ran the app from Android Studio and it says it's installing com.company.test.debug, and that it needs to uninstall the app before installing. So now I'm thinking the generate signed APK generated a build with the debug package.
So far this is the issue that's preventing me from moving to Android Studio and gradle. Once I get past this I think I'm clear to move everything over so I'm hoping someone can help me figure it out!
Before you choose the Generate Signed APK option, go into the Build Variants window and choose the Release build variant. The Generate Signed APK command takes whatever the current build type is selected there and signs it. This obviously isn't what you want in this case; bug https://code.google.com/p/android/issues/detail?id=56532 is requesting improvements there.
I have a gradle-based android project and trying to generate a release apk. However, it seems that somehow gradle is picking up the wrong key/cert.
This is what I have in build.gradle:
signingConfigs {
release {
storeFile file("mykey.jks")
storePassword "mypass"
keyAlias "mykey.key"
keyPassword "mypass"
}
}
buildTypes {
release {
debuggable false
jniDebugBuild false
runProguard true
proguardFile getDefaultProguardFile('proguard-android.txt')
signingConfig signingConfigs.release
}
}
And after running
gradlew assembleRelease
and taking out META-INF/CERT.RSA from inside the .apk I run the following:
keytool -list -keystore mykey.jks
and
keytool -printcert -v -file CERT.RSA
but they produce output with different certificate fingerprints. Trying with a certificate from another apk signed with the same key (but not with gradle) yields the correct certificate fingerprint.
Gradle seems to be picking up the keystore fine (changing the password or location or alias makes it stop working).
I'm puzzled since I don't want to release something to the store signed with an unknown key and then not be able to update it. I don't have a debug key explicitly defined in gradle.
UPDATE: This has something to do with the keystore. Trying the same gradle code with a fresh keystore and key works fine. This problematic keystore was imported from a pkcs#12 format (.p12 file). Using Intellij or jarsigner works fine with this keystore though, it's just the gradle code that has a different output - and it seems only the certificate generated from the key is different.
In my case I was not aware I am using debug keystore file for release. In project/android/app/build.gradle
buildTypes {
debug {
signingConfig signingConfigs.debug
}
release {
// Caution! In production, you need to generate your own keystore file.
// see https://facebook.github.io/react-native/docs/signed-apk-android.
signingConfig signingConfigs.debug // <-- need to be changed with
//the line below
//signingConfig signingConfigs.release
minifyEnabled enableProguardInReleaseBuilds
proguardFiles getDefaultProguardFile("proguard-android.txt"), "proguard-rules.pro"
}
}
I faced the same issue while building signed .aab file with gradle.
It has to do with gradle caching issue.
I just restarted my gradle daemon threads running in my system and clean gradle cache.
./gradlew --stop
./gradlew clean
./gradlew bundleRelease
And it resolved the problem.
The only solution here was to start with a fresh key. The previous key had been imported from a PKCS12 format and I think that somehow caused the gradle code to generate a different certificate than jarsigner.