I'm trying to upload a new app to Google Play using Android Studio Bumblebee 2021.1.1 Patch 3 and followed the instruction in Sign your app for creating a new upload key and keystore. However, I got the following error:
Your App Bundle is expected to be signed with the certificate with fingerprint:
SHA1: xxx...
but the certificate used to sign the App Bundle you uploaded has fingerprint:
SHA1: yyy...
I checked out the solutions in SO for the similar problem but nothing helped. I should add that I have several apps already on Google Play and I suppose I could use one of the upload keys for them, but I'm loathe to do that for various reasons. I only wish I could remember how I got the other apps to upload.
On Google Play, I discarded the release and uploaded it again. This time, when I navigated to App integrity in Google Play, I was able to specify that I wanted Google Play to generate an app signing key for me. I thought it had done that already, since that's the default. I selected the default and Google Play accepted the app. Had it failed, I was prepared to use the key from another of my published apps.
Click on the Select Sign-in key(locate top of AppBundle text) and select Release signed by google
If it's not working then delete the old Keystore and create again maybe you mistake in it
When trying to install a signed application (app-release.apk), a "Blocked by Play Protect" alert is shown and the app is not installed. However, an unsigned application (app-debug.apk) can be installed without problems.
The error message:
Play Protect doesn't recognise this app's developer. Apps from unknown developers can sometimes be unsafe.
Why this error happened? What's the solution?
I found the solution:
Go to the link below and submit your application.
Play Protect Appeals Submission Form
After a few days, the problem will be fixed
Try to create a new key store and replace with old one, then rebuild a new signed APK.
Update: Note that if you're using a http connection with server ,you should use SSL.
Take a look at: https://developer.android.com/distribute/best-practices/develop/understand-play-policies
There are three options to get rid of this warning:
You need to disable Play Protect in Play Store -> Play Protect -> Settings Icon -> Scan Device for security threats
Publish app at Google Play Store
Submit an Appeal to the Play Protect.
Google play finds you as developer via your keystore.
and maybe your country IP is banned on Google when you generate your new keystore.
change your IP Address and generate new keystore, the problem will be fixed.
if you didn't succeed, use another Gmail in Android Studio and generate new keystore.
I am adding this answer for others who are still seeking a solution to this problem if you don't want to upload your app on playstore then temporarily there is a workaround for this problem.
Google is providing safety device verification api which you need to call only once in your application and after that your application will not be blocked by play protect:
Here are there the links:
https://developer.android.com/training/safetynet/attestation#verify-attestation-response
Link for sample code project:
https://github.com/googlesamples/android-play-safetynet
the only solution worked for me was using java keytool and generating a .keystore file the command line and then use that .keystore file to sign my app
you can find the java keytool at this directory C:\Program Files\Java\jre7\bin
open a command window and switch to that directory and enter a command like this
keytool -genkey -v -keystore my-release-key.keystore -alias alias_name -keyalg RSA -keysize 2048 -validity 10000
Keytool prompts you to provide passwords for the keystore, your name , company etc . note that at the last prompt you need to enter yes.
It then generates the keystore as a file called my-release-key.keystore in the directory you're in. The keystore and key are protected by the passwords you entered. The keystore contains a single key, valid for 10000 days. The alias is a name that you — will use later, to refer to this keystore when signing your application.
For more information about Keytool, see the documentation at: http://docs.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html
and for more information on signing Android apps go here: http://developer.android.com/tools/publishing/app-signing.html
If you are using some trackers like google analytics or amplitude and you are trying to release your app in another platforms other than Google Play, this errors appears for users. So there are two possible solutions:
Use special trackers in your app (firebase and appmetrica are tested and are ok)
Release your app in Google Play
it is due to expired of debug certificate
simply delete the debug.keystore located at
C:\Users\.android\
after that build your project the build tools will regenerate a new key and it will work fine.
here is a reference:
https://developer.android.com/studio/publish/app-signing
the solution lies in creating a new key when generating the signed apk.
this worked for me without a fuss.
click on Build
click generate signed Bundle/APK...
choose either Bundle / APK (in my case APK) and click Next
click on create new (make sure you have a keystore path on the machine)
after everything, click finish to generate your signed apk
when you install, the warning will not come.
I solved this problem by changing my application package name according to signature certificate details. At first I created application with com.foo.xyz
but my certificate organization was 'bar'. So I change my package name to com.bar.xyz and now there is no google play protect warning!
There is no very precise way to solve this problem, but the following tasks can be effective in solving the problem
Click Invalid Caches/Restart
Do the login process of Android Studio
Click generate signed Bundle / APK
Fill in all the "generate signed Bundle" information completely.
Do not use the same password. Make sure your passwords are different in
"generate signed Bundle"
different. Preferably enter the address of America with the code 01
It is probably sensitive to Persian, so it is better not to write in Persian in the program. Write the program menu in English and make it Persian in the next updates
Remove extra permissions
Finally, go to the site below and request a troubleshooting
https://support.google.com/googleplay/android-developer/answer/2992033?hl=en
Fill in the first and last name correctly
Upload the installation file, for example, in Dropbox, and copy the link
If you are using Dropbox, be sure to change the number zero at the end of the
link to one, then submit it or use link shortening sites.
If your request is not approved, shorten the link of the installation file, for
example, using the https://bit.ly site
In the description section, explain the problem. For your convenience, I will
leave a sample text for you :
Greetings to the esteemed Google Team
I am sending this request to fix the "Blocked by Pay Protect" error
****{Write your app info and your reasons}****
Fast, simple, free and lightweight, no annoying ads ,This app does not collect and store user data!
Also, no unnecessary cost is imposed on the user and is completely free , It
also certifies that this app does not harm user privacy and is not harmful to users
Thank you
If you did not receive the confirmation email, repeat the request again a few days later
If there were hardware changes, try to re-download or re-create jks file.
I also faced such problem, it occured after moving my SSD from one PC to another. This gave a hint that there were no need to send the app to Google for verification: an old apk file was installing with no warning. So I replaced an android.jks on my hard drive with the one from the cloud, created a signed apk and the problem has gone.
I kept getting this issue after installing my app on a real device for debug.
And the problem was that I had android:exported="true" attribute present on the main activity in manifest file. I removed it and Play Protect warning disappeared.
Update: The following method doesn't work anymore.
Not the solution, but you can use debug key for signing release builds to avoid blocking the installation from Google Play Protect. It looks like Play Protect doesn't warn for builds signed with automatically generated debug.keystore.
Note that your debug builds are not unsigned, they are just signed with a debug key.
Of course, you cannot use the build for production distribution (Google Play, Amazon, etc.), but it's still worth for pre-production internal testing which requires a high-frequency feedback loop.
You can add a task to build release with debug.keystore by adding the configuration in build.gradle, something like:
android {
buildTypes {
// add after the `release` definition
releaseDebugKey { initWith release }
}
signingConfigs {
// use debug.keystore for releaseDebugKey builds
releaseDebugKey { initWith debug }
}
}
then execute ./gradlew assembleReleaseDebugKey to build a release build with debug key.
This error usually happens if you try to install an app from .apk file. The first thing you can do is to disable Play Protect from the inside of Play Store app in your phone:
Open Google Play Store app --> Play Protect --> Click Settings Icon on the top --> Disable scanning apps for security
Note: It is recommended that you enable it back again after finishing installation for security purposes.
Now after this you should be able to install the app. If you still receive error saying something like Error, app was not installed when you click on the .apk file, it means you have installed version of that app already. Uninstall the app first then you can install the app from .apk file without problem.
I am managing a mobile application that was first published by another person and I was on my way to release the first update on my own but I couldn't.
Used technology : react-native
What I did:
Followed official react-native doc on how to publish (create keystore, configuring project accordingly, generating aab, uploading it to Google Console)
When I uploaded my .aab file, I got the following error
Upload failed
Your Android App Bundle is signed with the wrong key. Ensure that your App Bundle is signed with the correct signing key and try again: SHA1: *SHA1 Key*
I understood that there is a key problem but I couldn't know what would solve it, I tried downloading the keys provided in the Google Console but that also was a dead-end !
What can I do ? Can someone explain how can two developers (or more) manage the releases of the same application ?
You have to basically have the same signing certificate which was used to upload a build in the first place and use the same certificate they have used to originally sign the app. Otherwise you cannot publish a new update for the app. if you have lost the certificate, you can contact the google team.
Hope it helps. feel free for doubts
At the moment, I am extending an app that has been developed by somebody else.
From the client I got the original keystore file that was used to publish the app to the Play Store including the passwords required. I previously gave out test versions that were signed using some dummy key I generated for this purpose.
I am using Eclipse Indigo with ADT for all the packaging and signing.
The strange thing is, that even after creating a signed application package using the official key, the older test version using the dummy key gets overridden on installation. If I try and install the App from the Play Store, I get a second App on my phone, exactly as if it were signed with a different key.
I tried to
keytool -printcert -file META-INF/CERT.RSA | egrep "^\s+MD5|^\s+SHA"
on the contents of my own generated apk files and those of the apk file from the Play Store. I get the same hashes on my own file signed with the official key and the file from the Play Store. The file signed with the dummy key results in different hashes, exactly as I would expect it to be.
However, my phone (and the one from my client) treat both apk files from me as one app, and the version from the Play Store as another one.
Is there anything else that identifies an app aside from package name and the key that has been used to sign it? I'm pretty confused right now to be honest. Thanks in advance for any hint!
I found out the source of the problem. In fact, there wasn't any problem at all despite the one in front of the monitor... The package name in the Play Store had been altered after the source code had been copied for me. So there simply was a tiny difference in the package name between my own files and the Play Store. At least I have learned pretty much about determining the fingerprint of an apk file...
We have recently purchased a game from another company and have done some updates to it with all the information converted over to our side.
The game is made and updated using Unity and is for the Android platform.
After doing all of these updates in Unity and using the Keystore that they supplied us (along with the passwords for the Keystore and the Key), we built the APK with no errors.
When I go into the Google Developer account and try to upload the new APK for testing, I get an error at the end of the upload that tells me that the certificate used in the APK is different than the one originally used on the other APKs so it can not upload the APK.
I have searched everywhere and people are saying that it is the Keystore and the key but I have the correct Keystore and Key because Unity would not allow me to build outside of debug testing without it (I tested this by putting a wrong password in for the Key and Unity gave me errors saying I had the wrong password).
I am using
- Macbook Pro with OSX 10.8.3
- Unity Version 4.1.3
I have all the correct SDKs for Android and the manifest package name matches the Bundle Identifier for the project. (The Bundle Identifier also matches the correct one attached to the Google Dev site.
Please help.
Unity will not stop you from building out an APK signed with a keystore that is different that what a previously built APK was signed with. So the unfortunate truth is that the version currently on Google Play was indeed signed with a different keystore. I've run into this problem myself in the past.
If you don't find the keystore that the app was originally signed with, you will need to pull down the current app and upload a new app.
I try to follow the practice of making the sure the production keystore is stored within the project's repository in an easy-to-find location.