When trying to install a signed application (app-release.apk), a "Blocked by Play Protect" alert is shown and the app is not installed. However, an unsigned application (app-debug.apk) can be installed without problems.
The error message:
Play Protect doesn't recognise this app's developer. Apps from unknown developers can sometimes be unsafe.
Why this error happened? What's the solution?
I found the solution:
Go to the link below and submit your application.
Play Protect Appeals Submission Form
After a few days, the problem will be fixed
Try to create a new key store and replace with old one, then rebuild a new signed APK.
Update: Note that if you're using a http connection with server ,you should use SSL.
Take a look at: https://developer.android.com/distribute/best-practices/develop/understand-play-policies
There are three options to get rid of this warning:
You need to disable Play Protect in Play Store -> Play Protect -> Settings Icon -> Scan Device for security threats
Publish app at Google Play Store
Submit an Appeal to the Play Protect.
Google play finds you as developer via your keystore.
and maybe your country IP is banned on Google when you generate your new keystore.
change your IP Address and generate new keystore, the problem will be fixed.
if you didn't succeed, use another Gmail in Android Studio and generate new keystore.
I am adding this answer for others who are still seeking a solution to this problem if you don't want to upload your app on playstore then temporarily there is a workaround for this problem.
Google is providing safety device verification api which you need to call only once in your application and after that your application will not be blocked by play protect:
Here are there the links:
https://developer.android.com/training/safetynet/attestation#verify-attestation-response
Link for sample code project:
https://github.com/googlesamples/android-play-safetynet
the only solution worked for me was using java keytool and generating a .keystore file the command line and then use that .keystore file to sign my app
you can find the java keytool at this directory C:\Program Files\Java\jre7\bin
open a command window and switch to that directory and enter a command like this
keytool -genkey -v -keystore my-release-key.keystore -alias alias_name -keyalg RSA -keysize 2048 -validity 10000
Keytool prompts you to provide passwords for the keystore, your name , company etc . note that at the last prompt you need to enter yes.
It then generates the keystore as a file called my-release-key.keystore in the directory you're in. The keystore and key are protected by the passwords you entered. The keystore contains a single key, valid for 10000 days. The alias is a name that you — will use later, to refer to this keystore when signing your application.
For more information about Keytool, see the documentation at: http://docs.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html
and for more information on signing Android apps go here: http://developer.android.com/tools/publishing/app-signing.html
If you are using some trackers like google analytics or amplitude and you are trying to release your app in another platforms other than Google Play, this errors appears for users. So there are two possible solutions:
Use special trackers in your app (firebase and appmetrica are tested and are ok)
Release your app in Google Play
it is due to expired of debug certificate
simply delete the debug.keystore located at
C:\Users\.android\
after that build your project the build tools will regenerate a new key and it will work fine.
here is a reference:
https://developer.android.com/studio/publish/app-signing
the solution lies in creating a new key when generating the signed apk.
this worked for me without a fuss.
click on Build
click generate signed Bundle/APK...
choose either Bundle / APK (in my case APK) and click Next
click on create new (make sure you have a keystore path on the machine)
after everything, click finish to generate your signed apk
when you install, the warning will not come.
I solved this problem by changing my application package name according to signature certificate details. At first I created application with com.foo.xyz
but my certificate organization was 'bar'. So I change my package name to com.bar.xyz and now there is no google play protect warning!
There is no very precise way to solve this problem, but the following tasks can be effective in solving the problem
Click Invalid Caches/Restart
Do the login process of Android Studio
Click generate signed Bundle / APK
Fill in all the "generate signed Bundle" information completely.
Do not use the same password. Make sure your passwords are different in
"generate signed Bundle"
different. Preferably enter the address of America with the code 01
It is probably sensitive to Persian, so it is better not to write in Persian in the program. Write the program menu in English and make it Persian in the next updates
Remove extra permissions
Finally, go to the site below and request a troubleshooting
https://support.google.com/googleplay/android-developer/answer/2992033?hl=en
Fill in the first and last name correctly
Upload the installation file, for example, in Dropbox, and copy the link
If you are using Dropbox, be sure to change the number zero at the end of the
link to one, then submit it or use link shortening sites.
If your request is not approved, shorten the link of the installation file, for
example, using the https://bit.ly site
In the description section, explain the problem. For your convenience, I will
leave a sample text for you :
Greetings to the esteemed Google Team
I am sending this request to fix the "Blocked by Pay Protect" error
****{Write your app info and your reasons}****
Fast, simple, free and lightweight, no annoying ads ,This app does not collect and store user data!
Also, no unnecessary cost is imposed on the user and is completely free , It
also certifies that this app does not harm user privacy and is not harmful to users
Thank you
If you did not receive the confirmation email, repeat the request again a few days later
If there were hardware changes, try to re-download or re-create jks file.
I also faced such problem, it occured after moving my SSD from one PC to another. This gave a hint that there were no need to send the app to Google for verification: an old apk file was installing with no warning. So I replaced an android.jks on my hard drive with the one from the cloud, created a signed apk and the problem has gone.
I kept getting this issue after installing my app on a real device for debug.
And the problem was that I had android:exported="true" attribute present on the main activity in manifest file. I removed it and Play Protect warning disappeared.
Update: The following method doesn't work anymore.
Not the solution, but you can use debug key for signing release builds to avoid blocking the installation from Google Play Protect. It looks like Play Protect doesn't warn for builds signed with automatically generated debug.keystore.
Note that your debug builds are not unsigned, they are just signed with a debug key.
Of course, you cannot use the build for production distribution (Google Play, Amazon, etc.), but it's still worth for pre-production internal testing which requires a high-frequency feedback loop.
You can add a task to build release with debug.keystore by adding the configuration in build.gradle, something like:
android {
buildTypes {
// add after the `release` definition
releaseDebugKey { initWith release }
}
signingConfigs {
// use debug.keystore for releaseDebugKey builds
releaseDebugKey { initWith debug }
}
}
then execute ./gradlew assembleReleaseDebugKey to build a release build with debug key.
This error usually happens if you try to install an app from .apk file. The first thing you can do is to disable Play Protect from the inside of Play Store app in your phone:
Open Google Play Store app --> Play Protect --> Click Settings Icon on the top --> Disable scanning apps for security
Note: It is recommended that you enable it back again after finishing installation for security purposes.
Now after this you should be able to install the app. If you still receive error saying something like Error, app was not installed when you click on the .apk file, it means you have installed version of that app already. Uninstall the app first then you can install the app from .apk file without problem.
Related
Using app bundles and play app signing is currently the way recommended by google to deploy new apps on google Play. And starting from August 2021 new apps will be strong-armed into using these formats.
How do I set this up in Unity, and how do I configure the app in Google Play?
I haven't gotten 2019.4 app bundle builds to sucessfully upload to play console, so it's probably a good idea to upgrade to the 2020.3 LTS before you start (as that's what finally worked for me.
Configuring Google Play App signing
First create a new app in Play Console, give it a name, accept terms etc.
Then, click Internal testing on the menu on the left side, and create a new internal release.
In the first question, click Change App Signing key, Use a different key and then select the third option, where you can upload your existing key (and an optional step with to add an upload key) to Google Play.
Now, don't just follow the instructions listed on Google Play, as you will end up with an upload key store that Unity doesn't know how to deal with.
Instead, using Unity, we will create two key stores and two keys. The first one is the app signing key, which you will only need to see once when uploading it to Google Play, then Google will take care of it and use it to do the final signing of your apps after you've uploaded your app bundles.
Go to Player settings → Publishing Settings → Keystore Manager → Create new in dedicated location
You don't need to fill out everything. Just the password, key alias and key password. It doesn't matter what you call the key. Don't configure Unity to use this key just yet (we'll create another key and keystore for Unity to use shortly).
Follow instructions 1.-3. on Google Play to upload this new key using the pepk tool.
Then, you need to create an upload key and keystore. Unity will use this key to sign your app bundles. Again, do NOT use the instructions on Google Play to create this key, instead use the Unity UI to create another key store that plays nice with Unity.
The passwords and alias could be whatever you want I named my key uploadkey, but make sure to keep the key store and passwords somewhere safe, you will need these later, or you'll have to create new keys and talk to Google support to reset it.
When prompted, click yes to configure your project to use this new key.
When you've created the key store and key export its public key to the .pem format...
keytool -export -rfc -keystore upload.keystore -alias uploadkey -file upload_certificate.pem
...and upload it to Google Play.
Click Update and then Continue in Play Console.
Play store should now be ready to accept your .aab files.
Configuring Unity
Hopefully, your project is now set up to sign using the upload key you just created.
Make sure to set the package name yourself by going to Player Settings → Other Settings Override Default Package Name . Type in something appropriate in lower-case characters only, the default package name has uppercase characters, which I think is just begging for problems. You can't change this later, or you'll have to create a new play store entry, so make sure it's something that's acceptable for customers to see, i.e. com.yourcompany.gamename.
It's also a good idea to enable 64-bit builds in player settings otherwise, google play will complain later. Switch Scripting Backend to IL2CPP and then tick ARM64:
Tick Build App Bundle in Build Settings.
Click Build and build your .aab file
Then upload it to the Google Play Console:
If you're lucky, everything went smoothly, and you can click save and be ready to start testing your app.
If not, you may get helpful error messages, in which case just follow them, if not and they're really non-descriptive (like "Couldn't upload. Try again."), then try temporarily uploading an .apk instead, as that sometimes gives better error messages, then switch back to .aab when you've solved the issue.
In Unity 2020.3 you can use a jks upload key in Unity that was generated in Android Studio and keep "Let Google manage your key..." selected.
To generate a key, install Android Studio and create an empty Android Studio project then once gradle settles down, choose Build > Generate Signed Bundle. When it prompts for a keystore, create a new one and save it where you want. Cancel out, then in Unity select the jks you saved as your keystore in publishing settings.
You should be able to generate an aab package in Unity using the jks as a custom keystore to upload and still let Google manage the signing key like they recommend.
After struggling with uploading an app bundle, I realized one extra thing :
Don't use any forbidden characters in your password for the keystore in Unity ! This includes spaces and brackets, maybe not only...
If in doubt, try creating the key with Java keytool command line and it will tell you your password contains characters that can't work... Even just type the command line into a terminal and you'll see your password makes the command line break !
keytool -genkey -keystore yourfile.jks -dname "n=Mark Jones, ou=JavaSoft, o=Sun, c=US" -alias android -keypass YOUR PASSWORD -storepass YOUR PASSWORD -keyalg RSA -keysize 2048 -validity 2000
Maybe special chars are allowed in the Unity key generation panel but not in keytool ! Unity should fix this issue, it was driving me nuts ;)
Peace :)
FOR ALL YOU BEAUTIFUL FOLK WHO GET STUCK AT THE LAST STEP! - READ THIS!
Blockquote
When you've created the key store and key export its public key to the .pem format...
keytool -export -rfc -keystore upload.keystore -alias uploadkey -file upload_certificate.pem
...and upload it to Google Play.
Blockquote
Click Update and then Continue in Play Console.
THIS part drove me NUTS trying to figure out what the hell you meant by that. I know it's down to the fact that I'm a complete noob at this but the rest of the tutorial was AMAZING!
So let me clarify for those newbies (like me) who might lose the plot when they get to the last step and can't figure out what the hell to do.
At this point in the tutorial:
Blockquote
and upload it to Google Play. Click Update and then Continue in Play Console.
Here is what you have to do.
If you have already uploaded the FIRST signing key you were asked to make in unity (NOT the upload one), then simply go back to the INTERNAL TESTING page and refresh it.
Click CHANGE APP SIGNING KEY and then select the third option again: "Export and upload a key from Java keystore"
Click UPLOAD GENERATED ZIP and upload the .zip file that was created during the first steps.... I named mine output.zip
At STEP 4 you will see a link called "SHOW INSTRUCTIONS" - Click the link and upload your public upload certificate that was generated in the last step. The file ending with the .pem format
Click SAVE and it should work.
NOW the next part got me. I didn't know what to do from here. The project is ready to accept the .aab files but DO NOT DO THIS JUST YET!
Learn from Mr Impatient himself (that's me), read the rest of the tutorial. Changing the file name to all lowercase is good practice to prevent issues later with CamelCaseFileNames.
FINALLY
You might get an error that says your target Android API is too low. Simply go to the UNITY PROJECT > FILE > BUILD SETTINGS > PLAYER SETTINGS > OTHER SETTINGS > and half way down the page change MINIMUM API LEVEL to "31" or above as instructed by the Google Prompt you WILL get if you ignore this :)
You can do this through Unity, it will download the latest version of the Android SDK (it opens a powershell terminal - DO NOT CLOSE THIS).
Once that's done, and you've completed all the steps listed above, then and ONLY THEN are you ready to compile your .aab file and upload it to the Google Play Console.
Finally, I want to thank the author of this tutorial BobbaLuba for his amazing efforts. After 7 hours of messing around in Unity -> Android Studio -> Google Play and almost abandoning the thought of releasing my app on Google .... it worked!
You are amazing sir. I tip my hat to you. Keep doing what you do. I for one, am eternally grateful .... I am emotionally, mentally and physically drained. I'm off to bed. Thanks again!
Good luck my little code monkeys!
Peace out
- NewbNinja
When trying to install a signed application (app-release.apk), a "Blocked by Play Protect" alert is shown and the app is not installed. However, an unsigned application (app-debug.apk) can be installed without problems.
The error message:
Play Protect doesn't recognise this app's developer. Apps from unknown developers can sometimes be unsafe.
Why this error happened? What's the solution?
I found the solution:
Go to the link below and submit your application.
Play Protect Appeals Submission Form
After a few days, the problem will be fixed
Try to create a new key store and replace with old one, then rebuild a new signed APK.
Update: Note that if you're using a http connection with server ,you should use SSL.
Take a look at: https://developer.android.com/distribute/best-practices/develop/understand-play-policies
There are three options to get rid of this warning:
You need to disable Play Protect in Play Store -> Play Protect -> Settings Icon -> Scan Device for security threats
Publish app at Google Play Store
Submit an Appeal to the Play Protect.
Google play finds you as developer via your keystore.
and maybe your country IP is banned on Google when you generate your new keystore.
change your IP Address and generate new keystore, the problem will be fixed.
if you didn't succeed, use another Gmail in Android Studio and generate new keystore.
I am adding this answer for others who are still seeking a solution to this problem if you don't want to upload your app on playstore then temporarily there is a workaround for this problem.
Google is providing safety device verification api which you need to call only once in your application and after that your application will not be blocked by play protect:
Here are there the links:
https://developer.android.com/training/safetynet/attestation#verify-attestation-response
Link for sample code project:
https://github.com/googlesamples/android-play-safetynet
the only solution worked for me was using java keytool and generating a .keystore file the command line and then use that .keystore file to sign my app
you can find the java keytool at this directory C:\Program Files\Java\jre7\bin
open a command window and switch to that directory and enter a command like this
keytool -genkey -v -keystore my-release-key.keystore -alias alias_name -keyalg RSA -keysize 2048 -validity 10000
Keytool prompts you to provide passwords for the keystore, your name , company etc . note that at the last prompt you need to enter yes.
It then generates the keystore as a file called my-release-key.keystore in the directory you're in. The keystore and key are protected by the passwords you entered. The keystore contains a single key, valid for 10000 days. The alias is a name that you — will use later, to refer to this keystore when signing your application.
For more information about Keytool, see the documentation at: http://docs.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html
and for more information on signing Android apps go here: http://developer.android.com/tools/publishing/app-signing.html
If you are using some trackers like google analytics or amplitude and you are trying to release your app in another platforms other than Google Play, this errors appears for users. So there are two possible solutions:
Use special trackers in your app (firebase and appmetrica are tested and are ok)
Release your app in Google Play
it is due to expired of debug certificate
simply delete the debug.keystore located at
C:\Users\.android\
after that build your project the build tools will regenerate a new key and it will work fine.
here is a reference:
https://developer.android.com/studio/publish/app-signing
the solution lies in creating a new key when generating the signed apk.
this worked for me without a fuss.
click on Build
click generate signed Bundle/APK...
choose either Bundle / APK (in my case APK) and click Next
click on create new (make sure you have a keystore path on the machine)
after everything, click finish to generate your signed apk
when you install, the warning will not come.
I solved this problem by changing my application package name according to signature certificate details. At first I created application with com.foo.xyz
but my certificate organization was 'bar'. So I change my package name to com.bar.xyz and now there is no google play protect warning!
There is no very precise way to solve this problem, but the following tasks can be effective in solving the problem
Click Invalid Caches/Restart
Do the login process of Android Studio
Click generate signed Bundle / APK
Fill in all the "generate signed Bundle" information completely.
Do not use the same password. Make sure your passwords are different in
"generate signed Bundle"
different. Preferably enter the address of America with the code 01
It is probably sensitive to Persian, so it is better not to write in Persian in the program. Write the program menu in English and make it Persian in the next updates
Remove extra permissions
Finally, go to the site below and request a troubleshooting
https://support.google.com/googleplay/android-developer/answer/2992033?hl=en
Fill in the first and last name correctly
Upload the installation file, for example, in Dropbox, and copy the link
If you are using Dropbox, be sure to change the number zero at the end of the
link to one, then submit it or use link shortening sites.
If your request is not approved, shorten the link of the installation file, for
example, using the https://bit.ly site
In the description section, explain the problem. For your convenience, I will
leave a sample text for you :
Greetings to the esteemed Google Team
I am sending this request to fix the "Blocked by Pay Protect" error
****{Write your app info and your reasons}****
Fast, simple, free and lightweight, no annoying ads ,This app does not collect and store user data!
Also, no unnecessary cost is imposed on the user and is completely free , It
also certifies that this app does not harm user privacy and is not harmful to users
Thank you
If you did not receive the confirmation email, repeat the request again a few days later
If there were hardware changes, try to re-download or re-create jks file.
I also faced such problem, it occured after moving my SSD from one PC to another. This gave a hint that there were no need to send the app to Google for verification: an old apk file was installing with no warning. So I replaced an android.jks on my hard drive with the one from the cloud, created a signed apk and the problem has gone.
I kept getting this issue after installing my app on a real device for debug.
And the problem was that I had android:exported="true" attribute present on the main activity in manifest file. I removed it and Play Protect warning disappeared.
Update: The following method doesn't work anymore.
Not the solution, but you can use debug key for signing release builds to avoid blocking the installation from Google Play Protect. It looks like Play Protect doesn't warn for builds signed with automatically generated debug.keystore.
Note that your debug builds are not unsigned, they are just signed with a debug key.
Of course, you cannot use the build for production distribution (Google Play, Amazon, etc.), but it's still worth for pre-production internal testing which requires a high-frequency feedback loop.
You can add a task to build release with debug.keystore by adding the configuration in build.gradle, something like:
android {
buildTypes {
// add after the `release` definition
releaseDebugKey { initWith release }
}
signingConfigs {
// use debug.keystore for releaseDebugKey builds
releaseDebugKey { initWith debug }
}
}
then execute ./gradlew assembleReleaseDebugKey to build a release build with debug key.
This error usually happens if you try to install an app from .apk file. The first thing you can do is to disable Play Protect from the inside of Play Store app in your phone:
Open Google Play Store app --> Play Protect --> Click Settings Icon on the top --> Disable scanning apps for security
Note: It is recommended that you enable it back again after finishing installation for security purposes.
Now after this you should be able to install the app. If you still receive error saying something like Error, app was not installed when you click on the .apk file, it means you have installed version of that app already. Uninstall the app first then you can install the app from .apk file without problem.
We have a few intent-filters defined in AndroidManifest for deeplinks. We also have assetlinks.json file placed on our domain at proper location with correct SHA fingerprints. We are facing a weird issue where these App links open our app directly without any chooser in between when app is installed from Android Studio.
Which is also desired behaviour, but, when we upload our app to Google play and download from there these App links open App chooser first which is not desired behaviour.
We did some experimentation like creating different intent filters for two different links, removing one link etc but this behaviour remains same. Also double checked SHA fingerprints, they seemed to be fine.
I know there is an accepted answer, but there's another scenario that someone else may face as I did.
When publishing to Google Play, if your app has "App Signing by Google Play is enabled for this app.", then it doesn't matter what is your keystore SHA256 when signing your apk on your local machine.
You need to use the SHA256 from Google Play Console -> Relase management -> App signing -> App signing certificate.
Edit (2021):
App signing key certificate is in a different location now:
Select the app from the console.
Go to Release section.
Under Setup, select App Integrity.
If you're saying that you have your assetlinks.json file at a proper location, and the JSON itself has correct statements. Then there can be two issues
Check whether you've added autoVerify=true in your AndroidManifest.xml file for the activity in which you've defined the intent filter.
Recheck the signed apk's SHA256 to confirm you're using correct SHA256 to sign your apk. You can check that using the command
keytool -list -printcert -jarfile <your_signed.apk>
and verify that the same SHA256is present in your assetlinks.json file.
To validate whether your app is actually resolved your app link, use the command
./adb shell dumpsys package domain-preferred-apps
The output would be like:
Package: com.test.example
Domains: www.test.com
Status: always : 200000000
Package: com.test.example
Domains: www.xyz.com
Status: ask
.
.
.
Find your app's package name, then check the Status for your package name, if it is always : <some_number> then your apk is correctly verified and the app link should work alright, otherwise if value of Status is ask or undefined, then there is some issue which you can refactor following the above-mentioned steps.
I am trying to upload an APK built in Unity3D to the Play Store, but it says I can't upload it because it's signed as debug mode. However, it's not! I've done absolutely everything in every forum:
Development checkbox unchecked.
Keystore set
Microsoft Visual Studio switched from Debug to Release
In the android manifest I had "debuggable=true", I removed it.
What else must I do? I think that's all.
Hello friends if you already publish your app and you want to do an update follow this.
If you are sure about your keystorage settings and if development
build is not active continue with second part.
If you are using Facebook SDK or some Google services there's a
configuration problem. Go to Assets > Plugins > Android >
AndroidManifest.xml and find android:debuggable= and just set it
false like:
android:debuggable="false"
That's all guys. Thank you and bye bye!
Okay, so in order to sign the app for distribution via Play Store you also have to add a key and sign your apk with it. To do this:
Find the Publishing Settings under Player Settings
Create a new keystore by selecting a keystore name and password (confirm the password), select "browse" to save the keystore
Select "Create a new key" under Key Alias
A new window opens; enter the necessary information.
Select the newly created key.
Build
Your app is now signed, you can upload it to Play Store
All the Play store does is look at your APK using public tools. You can reproduce exactly what it does.
To check the signing key (which will need to match to update the app):
`keytool -list -printcert -jarfile app.apk`
To look at the manifest you use a tool called aapt which comes with the android SDK. This stackoverflow question tells you how to use it to tell if your APK is debuggable.
If your APK is debuggable as defined by the method above then you haven't changed everything you need.
I recently uploaded my game on playstore made with unity but I forgot the password to the keystore when I tried to build an update.
After hours of googling I've learned the importance of the keystore file. After a few trial and error attempts I finally figured out the correct password.
However, what if in the future my keystore.debug file gets deleted accidentally? Will it be generated automatically again by unity or do I need to make a backup for this file on the cloud?
If I need to make a backup than do I need to backup only "user/.android/debug.keystore", or are there other files I need to backup as well?
Some exaplanation:
debug.keystore (located on user/.android/debug.keystore) as the name implies, it is only used for debugging. That means, it's only used when you're sitting on your computer with the phone connected via ADB and typing code.
When developers release an app. Another keystore is used, the "release" keystore. That is the one you selected when clicking "Generate signed APK" or set on your gradle file, that you had to create a password for it. That file can be located anywhere on your system, you created it, you should know where it is. That one is very important. That one is the one that will allow you to update the app on the Play Store.
Direct answers:
debug.keystore is disposable and you don't have to worry with it.
the keystore used when exporting the .apk file, that one is VERY VERY important and YES, make backup of it everywhere you can! On an external hard-drive on your house, on a USB-drive and at least 1 cloud backup (e.g. Google Drive). If you loose that file or the password, you won't be able to update your app again.
I hope it helps.
You have to differentiate between debug.keystore & release keystore
debug.keystore Android User Guide
When running or debugging your project from the IDE, Android Studio automatically signs your APK with a debug certificate generated by the Android SDK tools. The first time you run or debug your project in Android Studio, the IDE automatically creates the debug keystore and certificate in $HOME/.android/debug.keystore, and sets the keystore and key passwords.
No need to remember as its generated automatically
release.keystore
Needed to publish on google play console, But take care after you generate it and used to release signed version for push to production when you app become published you can only send updates using this key. it will be permanent for you app package name on Google play. You have to backup key and it's protection password too.