I am trying to upload an APK built in Unity3D to the Play Store, but it says I can't upload it because it's signed as debug mode. However, it's not! I've done absolutely everything in every forum:
Development checkbox unchecked.
Keystore set
Microsoft Visual Studio switched from Debug to Release
In the android manifest I had "debuggable=true", I removed it.
What else must I do? I think that's all.
Hello friends if you already publish your app and you want to do an update follow this.
If you are sure about your keystorage settings and if development
build is not active continue with second part.
If you are using Facebook SDK or some Google services there's a
configuration problem. Go to Assets > Plugins > Android >
AndroidManifest.xml and find android:debuggable= and just set it
false like:
android:debuggable="false"
That's all guys. Thank you and bye bye!
Okay, so in order to sign the app for distribution via Play Store you also have to add a key and sign your apk with it. To do this:
Find the Publishing Settings under Player Settings
Create a new keystore by selecting a keystore name and password (confirm the password), select "browse" to save the keystore
Select "Create a new key" under Key Alias
A new window opens; enter the necessary information.
Select the newly created key.
Build
Your app is now signed, you can upload it to Play Store
All the Play store does is look at your APK using public tools. You can reproduce exactly what it does.
To check the signing key (which will need to match to update the app):
`keytool -list -printcert -jarfile app.apk`
To look at the manifest you use a tool called aapt which comes with the android SDK. This stackoverflow question tells you how to use it to tell if your APK is debuggable.
If your APK is debuggable as defined by the method above then you haven't changed everything you need.
Related
When trying to install a signed application (app-release.apk), a "Blocked by Play Protect" alert is shown and the app is not installed. However, an unsigned application (app-debug.apk) can be installed without problems.
The error message:
Play Protect doesn't recognise this app's developer. Apps from unknown developers can sometimes be unsafe.
Why this error happened? What's the solution?
I found the solution:
Go to the link below and submit your application.
Play Protect Appeals Submission Form
After a few days, the problem will be fixed
Try to create a new key store and replace with old one, then rebuild a new signed APK.
Update: Note that if you're using a http connection with server ,you should use SSL.
Take a look at: https://developer.android.com/distribute/best-practices/develop/understand-play-policies
There are three options to get rid of this warning:
You need to disable Play Protect in Play Store -> Play Protect -> Settings Icon -> Scan Device for security threats
Publish app at Google Play Store
Submit an Appeal to the Play Protect.
Google play finds you as developer via your keystore.
and maybe your country IP is banned on Google when you generate your new keystore.
change your IP Address and generate new keystore, the problem will be fixed.
if you didn't succeed, use another Gmail in Android Studio and generate new keystore.
I am adding this answer for others who are still seeking a solution to this problem if you don't want to upload your app on playstore then temporarily there is a workaround for this problem.
Google is providing safety device verification api which you need to call only once in your application and after that your application will not be blocked by play protect:
Here are there the links:
https://developer.android.com/training/safetynet/attestation#verify-attestation-response
Link for sample code project:
https://github.com/googlesamples/android-play-safetynet
the only solution worked for me was using java keytool and generating a .keystore file the command line and then use that .keystore file to sign my app
you can find the java keytool at this directory C:\Program Files\Java\jre7\bin
open a command window and switch to that directory and enter a command like this
keytool -genkey -v -keystore my-release-key.keystore -alias alias_name -keyalg RSA -keysize 2048 -validity 10000
Keytool prompts you to provide passwords for the keystore, your name , company etc . note that at the last prompt you need to enter yes.
It then generates the keystore as a file called my-release-key.keystore in the directory you're in. The keystore and key are protected by the passwords you entered. The keystore contains a single key, valid for 10000 days. The alias is a name that you — will use later, to refer to this keystore when signing your application.
For more information about Keytool, see the documentation at: http://docs.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html
and for more information on signing Android apps go here: http://developer.android.com/tools/publishing/app-signing.html
If you are using some trackers like google analytics or amplitude and you are trying to release your app in another platforms other than Google Play, this errors appears for users. So there are two possible solutions:
Use special trackers in your app (firebase and appmetrica are tested and are ok)
Release your app in Google Play
it is due to expired of debug certificate
simply delete the debug.keystore located at
C:\Users\.android\
after that build your project the build tools will regenerate a new key and it will work fine.
here is a reference:
https://developer.android.com/studio/publish/app-signing
the solution lies in creating a new key when generating the signed apk.
this worked for me without a fuss.
click on Build
click generate signed Bundle/APK...
choose either Bundle / APK (in my case APK) and click Next
click on create new (make sure you have a keystore path on the machine)
after everything, click finish to generate your signed apk
when you install, the warning will not come.
I solved this problem by changing my application package name according to signature certificate details. At first I created application with com.foo.xyz
but my certificate organization was 'bar'. So I change my package name to com.bar.xyz and now there is no google play protect warning!
There is no very precise way to solve this problem, but the following tasks can be effective in solving the problem
Click Invalid Caches/Restart
Do the login process of Android Studio
Click generate signed Bundle / APK
Fill in all the "generate signed Bundle" information completely.
Do not use the same password. Make sure your passwords are different in
"generate signed Bundle"
different. Preferably enter the address of America with the code 01
It is probably sensitive to Persian, so it is better not to write in Persian in the program. Write the program menu in English and make it Persian in the next updates
Remove extra permissions
Finally, go to the site below and request a troubleshooting
https://support.google.com/googleplay/android-developer/answer/2992033?hl=en
Fill in the first and last name correctly
Upload the installation file, for example, in Dropbox, and copy the link
If you are using Dropbox, be sure to change the number zero at the end of the
link to one, then submit it or use link shortening sites.
If your request is not approved, shorten the link of the installation file, for
example, using the https://bit.ly site
In the description section, explain the problem. For your convenience, I will
leave a sample text for you :
Greetings to the esteemed Google Team
I am sending this request to fix the "Blocked by Pay Protect" error
****{Write your app info and your reasons}****
Fast, simple, free and lightweight, no annoying ads ,This app does not collect and store user data!
Also, no unnecessary cost is imposed on the user and is completely free , It
also certifies that this app does not harm user privacy and is not harmful to users
Thank you
If you did not receive the confirmation email, repeat the request again a few days later
If there were hardware changes, try to re-download or re-create jks file.
I also faced such problem, it occured after moving my SSD from one PC to another. This gave a hint that there were no need to send the app to Google for verification: an old apk file was installing with no warning. So I replaced an android.jks on my hard drive with the one from the cloud, created a signed apk and the problem has gone.
I kept getting this issue after installing my app on a real device for debug.
And the problem was that I had android:exported="true" attribute present on the main activity in manifest file. I removed it and Play Protect warning disappeared.
Update: The following method doesn't work anymore.
Not the solution, but you can use debug key for signing release builds to avoid blocking the installation from Google Play Protect. It looks like Play Protect doesn't warn for builds signed with automatically generated debug.keystore.
Note that your debug builds are not unsigned, they are just signed with a debug key.
Of course, you cannot use the build for production distribution (Google Play, Amazon, etc.), but it's still worth for pre-production internal testing which requires a high-frequency feedback loop.
You can add a task to build release with debug.keystore by adding the configuration in build.gradle, something like:
android {
buildTypes {
// add after the `release` definition
releaseDebugKey { initWith release }
}
signingConfigs {
// use debug.keystore for releaseDebugKey builds
releaseDebugKey { initWith debug }
}
}
then execute ./gradlew assembleReleaseDebugKey to build a release build with debug key.
This error usually happens if you try to install an app from .apk file. The first thing you can do is to disable Play Protect from the inside of Play Store app in your phone:
Open Google Play Store app --> Play Protect --> Click Settings Icon on the top --> Disable scanning apps for security
Note: It is recommended that you enable it back again after finishing installation for security purposes.
Now after this you should be able to install the app. If you still receive error saying something like Error, app was not installed when you click on the .apk file, it means you have installed version of that app already. Uninstall the app first then you can install the app from .apk file without problem.
In order to migrate my app from .apk to .aab I went through the App Signing process that Google Play requires.
I installed Java jdk-14.0.2.jdk (because I purchased a new mac with OS 10.15.5 and it kept saying I don't have Java) and ran the below command from the terminal in the directory that I downloaded pepk.jar from Google Play to
$ java -jar pepk.jar --keystore=user.keystore --alias=bball\ battle --output=encrypted_private_key_path --encryptionkey=eb10fe8f7c7c9df715022017b00c6471f8ba8170b13049a11e6c09ffe3056a104a3bbe4ac5a955f4ba4fe93fc8cef27558a3eb9d2a52912392761fb833b656cd48b9de6a
Then I uploaded the resulting file encrypted_private_key_path so now I can see all of my app signing info under the App Signing section in the dashbaord.
Then I selected my user.keystore in unity publishing settings, put in my password, and built the aab file. But when I uploaded it to google play I got a message:
“You uploaded a debuggable APK or
Android App Bundle. For security
reasons you need to disable debugging
before it can be published in Google
Play.nullLearn more about debuggable
APKs or Android App Bundlesnull.”
So then instead of using user.keystore I renamed encrypted_private_key_path to encrypted_private_key_path.keystore and selected that in Unity player settings. But when I select it in publishing settings, it says
"Unable to list keys in the keystore.
Please make sure the location and
password of the keystore is correct."
I know I am using the correct password.
Could this be because Unity is using OpenJDK, but I ran the pepk.jar command using Java jdk-14.0.2.jdk?
Does anyone know how to resolve or troubleshoot this issue?
Hey you are supposed to use Java NDK to build the aab the process is pretty much simple im providing a link of a youtube video can check that but make sure to uncheck the development build and check android app bundle box
https://youtu.be/j0L3SDYyMJI
And for the key if the key isnt working you can contact google that you lost the key and i guess you can generate a new one
When trying to install a signed application (app-release.apk), a "Blocked by Play Protect" alert is shown and the app is not installed. However, an unsigned application (app-debug.apk) can be installed without problems.
The error message:
Play Protect doesn't recognise this app's developer. Apps from unknown developers can sometimes be unsafe.
Why this error happened? What's the solution?
I found the solution:
Go to the link below and submit your application.
Play Protect Appeals Submission Form
After a few days, the problem will be fixed
Try to create a new key store and replace with old one, then rebuild a new signed APK.
Update: Note that if you're using a http connection with server ,you should use SSL.
Take a look at: https://developer.android.com/distribute/best-practices/develop/understand-play-policies
There are three options to get rid of this warning:
You need to disable Play Protect in Play Store -> Play Protect -> Settings Icon -> Scan Device for security threats
Publish app at Google Play Store
Submit an Appeal to the Play Protect.
Google play finds you as developer via your keystore.
and maybe your country IP is banned on Google when you generate your new keystore.
change your IP Address and generate new keystore, the problem will be fixed.
if you didn't succeed, use another Gmail in Android Studio and generate new keystore.
I am adding this answer for others who are still seeking a solution to this problem if you don't want to upload your app on playstore then temporarily there is a workaround for this problem.
Google is providing safety device verification api which you need to call only once in your application and after that your application will not be blocked by play protect:
Here are there the links:
https://developer.android.com/training/safetynet/attestation#verify-attestation-response
Link for sample code project:
https://github.com/googlesamples/android-play-safetynet
the only solution worked for me was using java keytool and generating a .keystore file the command line and then use that .keystore file to sign my app
you can find the java keytool at this directory C:\Program Files\Java\jre7\bin
open a command window and switch to that directory and enter a command like this
keytool -genkey -v -keystore my-release-key.keystore -alias alias_name -keyalg RSA -keysize 2048 -validity 10000
Keytool prompts you to provide passwords for the keystore, your name , company etc . note that at the last prompt you need to enter yes.
It then generates the keystore as a file called my-release-key.keystore in the directory you're in. The keystore and key are protected by the passwords you entered. The keystore contains a single key, valid for 10000 days. The alias is a name that you — will use later, to refer to this keystore when signing your application.
For more information about Keytool, see the documentation at: http://docs.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html
and for more information on signing Android apps go here: http://developer.android.com/tools/publishing/app-signing.html
If you are using some trackers like google analytics or amplitude and you are trying to release your app in another platforms other than Google Play, this errors appears for users. So there are two possible solutions:
Use special trackers in your app (firebase and appmetrica are tested and are ok)
Release your app in Google Play
it is due to expired of debug certificate
simply delete the debug.keystore located at
C:\Users\.android\
after that build your project the build tools will regenerate a new key and it will work fine.
here is a reference:
https://developer.android.com/studio/publish/app-signing
the solution lies in creating a new key when generating the signed apk.
this worked for me without a fuss.
click on Build
click generate signed Bundle/APK...
choose either Bundle / APK (in my case APK) and click Next
click on create new (make sure you have a keystore path on the machine)
after everything, click finish to generate your signed apk
when you install, the warning will not come.
I solved this problem by changing my application package name according to signature certificate details. At first I created application with com.foo.xyz
but my certificate organization was 'bar'. So I change my package name to com.bar.xyz and now there is no google play protect warning!
There is no very precise way to solve this problem, but the following tasks can be effective in solving the problem
Click Invalid Caches/Restart
Do the login process of Android Studio
Click generate signed Bundle / APK
Fill in all the "generate signed Bundle" information completely.
Do not use the same password. Make sure your passwords are different in
"generate signed Bundle"
different. Preferably enter the address of America with the code 01
It is probably sensitive to Persian, so it is better not to write in Persian in the program. Write the program menu in English and make it Persian in the next updates
Remove extra permissions
Finally, go to the site below and request a troubleshooting
https://support.google.com/googleplay/android-developer/answer/2992033?hl=en
Fill in the first and last name correctly
Upload the installation file, for example, in Dropbox, and copy the link
If you are using Dropbox, be sure to change the number zero at the end of the
link to one, then submit it or use link shortening sites.
If your request is not approved, shorten the link of the installation file, for
example, using the https://bit.ly site
In the description section, explain the problem. For your convenience, I will
leave a sample text for you :
Greetings to the esteemed Google Team
I am sending this request to fix the "Blocked by Pay Protect" error
****{Write your app info and your reasons}****
Fast, simple, free and lightweight, no annoying ads ,This app does not collect and store user data!
Also, no unnecessary cost is imposed on the user and is completely free , It
also certifies that this app does not harm user privacy and is not harmful to users
Thank you
If you did not receive the confirmation email, repeat the request again a few days later
If there were hardware changes, try to re-download or re-create jks file.
I also faced such problem, it occured after moving my SSD from one PC to another. This gave a hint that there were no need to send the app to Google for verification: an old apk file was installing with no warning. So I replaced an android.jks on my hard drive with the one from the cloud, created a signed apk and the problem has gone.
I kept getting this issue after installing my app on a real device for debug.
And the problem was that I had android:exported="true" attribute present on the main activity in manifest file. I removed it and Play Protect warning disappeared.
Update: The following method doesn't work anymore.
Not the solution, but you can use debug key for signing release builds to avoid blocking the installation from Google Play Protect. It looks like Play Protect doesn't warn for builds signed with automatically generated debug.keystore.
Note that your debug builds are not unsigned, they are just signed with a debug key.
Of course, you cannot use the build for production distribution (Google Play, Amazon, etc.), but it's still worth for pre-production internal testing which requires a high-frequency feedback loop.
You can add a task to build release with debug.keystore by adding the configuration in build.gradle, something like:
android {
buildTypes {
// add after the `release` definition
releaseDebugKey { initWith release }
}
signingConfigs {
// use debug.keystore for releaseDebugKey builds
releaseDebugKey { initWith debug }
}
}
then execute ./gradlew assembleReleaseDebugKey to build a release build with debug key.
This error usually happens if you try to install an app from .apk file. The first thing you can do is to disable Play Protect from the inside of Play Store app in your phone:
Open Google Play Store app --> Play Protect --> Click Settings Icon on the top --> Disable scanning apps for security
Note: It is recommended that you enable it back again after finishing installation for security purposes.
Now after this you should be able to install the app. If you still receive error saying something like Error, app was not installed when you click on the .apk file, it means you have installed version of that app already. Uninstall the app first then you can install the app from .apk file without problem.
I am trying to upload an APK to Google Play store. I have added android:debuggable="false" in the application tag of AndroidManifest.xml. But, still it says you need to disable debugging before it can be published in Google Play.
Update:
I am using debug.keystore for signing the APK. So, is it the reason for the issue ?
Should I create a different release.keystore ?
Yes you are right.
To Put your application on Google Play Store You have to generate release.keystore.
Please check the steps of how to generate keystore ::
Right click the project.
Go to Android Tools.
select Export Signed APK Package.
Enter Project Name.
Select create new key store option.
Set Location eg: Keystore Location.
At the end of this procedure you will have you build.apk and put that APK on Play Store that will work.
Make sure you're signing your application with the release key (not the debug key).
Yes, you need to use a release key, you can not upload to the play store if your app is signed with the debug key. See http://developer.android.com/tools/publishing/app-signing.html#releasemode for more info.
Remove all calls to the catlog in your code.
Look for BuildConfig.java in your source dir and see what it says for DEBUG.
If you're using Gradle/Android Studio be sure to select the release variant.
If you using Eclipse, disable auto-build, do a clean, then use the Export signed APK option in Android Tools.
I want to know the information of publishing an android apk in google play store.i read the developer website.But i struggled to get the private key for apk file.how to get the signed apk file with release mode.so i need some step by step process.
Here a few steps to help you create a release private signing key:
Select File -> Export
In the pop-up, expand Android and select Export Android Application
In the next pop-up, select the Browse button and select the Project you need to publish the APK of.
Click the Next button. The next set of options, is for selecting an existing Keystore or creating a new one. Choose Create new keystore, set a location where you want to save the keystore file, choose your own password and confirm the same.
Next page is the Key Creation set of options. In this, create an alias for the keystore. Again, choose a password and confirm the same. Set a validity in number of years for your keystore. It has to be a minimum 25 years. Enter the rest of the details on this page.
On the final page of this wizard, choose the location where you want the APK to be saved on your computer.
That's all there is to it.
NOTE: The release signing key is to be created by the developer and not by Google for the dev. It is a self signed certificate. Keep this key safe and secure, and possibly in multiple locations. If you are to loose access to the signing key file created in Step 4 above, you will not be able to publish updates to your application. There are no known ways of recovering a lost key. The same applies to the passwords you select in the process above. Do not loose either the key file or it's passwords.
Read more about signing your applications here: http://developer.android.com/tools/publishing/app-signing.html
If you are using eclipse right click on your project >tools>export signed apk
then follow the steps. You will be asked to either use existing or generate a new key there select option to generate new key and a new key will be generated
There's a guide to signing Android applications on the developer website:
http://developer.android.com/guide/publishing/app-signing.html
Check this out : Compile the application in the release mode
Android Tools > Export Signed Application Package
Support for a true debug build. Developers no longer need to add the android:debuggable attribute to the tag in the manifest — the build tools add the attribute automatically. In Eclipse/ADT, all incremental builds are assumed to be debug builds, so the tools insert android:debuggable="true". When exporting a signed release build, the tools do not add the attribute. In Ant, a ant debug command automatically inserts the android:debuggable="true" attribute, while ant release does not. If android:debuggable="true" is manually set, then ant release will actually do a debug build, rather than a release build.