I made an app & then created an APK, generated a signed APK (I was using AndroidStudio 3.0).
I tried to post it, but I had this issue: "You must use a different package name because "com.example" is restricted." I searched on youtube then I solved this issue.
Now I have another issue when I publish my APK to Google Developer Console. The APK is signed I don't know why this doesn't work....
The error is: "You uploaded an APK signed with a certificate that is not yet valid. You must sign the APK file with a certificate that is valid"
You should read the whole of the article on "Manage your app signing keys" then maybe re-ask the question when you understand it a little better.
Every app on android is signed. Google will do the signing for you if you opt-in to Google Play App Signing (you should) but you still need to sign your app with an upload key so that Google knows it comes from you, and not some malicious attacker who has taken over your account.
This upload key can be replaced by the Play Console support team, but you should only need to do this in an emergency. Until then you should generate an upload certificate, sign your app with it, and keep the certificate safe.
All the instructions for how to generate an upload key, and sign your app with it are in the article linked above.
Related
I have an Android project in my Google Play Developer Console. I managed to automate uploading of nightly build to the Alpha channel but I also need to download the APK to get its md5 hash for my internal purposes.
I can't get md5 hash before uploading because App Signing by Google Play is enabled for this app so each APK file that I upload is re-signed with Google's keystore.
Is there a way to download APK file from Alpha channel for my own project?
You can download original and re-signed APKs from the Play Console, in the Artifact Library.
There isn't an API to download re-signed APKs today unfortunately.
Pierre's answer is correct. However, taking an MD5 hash of your APK is probably a mistake. In particular if you use this for verification you will probably introduce a bug. This is because of Google Play security metadata. This won't be consistent on all versions of your APK, and in particular can change with time without you republishing.
If you need to check the authenticity of your app, can I recommend the primary thing you check is the app signing certificate hash. This should be enough for almost anyone and is what major app developers do. If this is not good enough, please check the hash of any particular section of your app you are worried about (eg the classes.dex or a particular resource file). Please don't check the whole APK, you will cause yourself problems.
I'm getting this error when uploading my app to the Google Play Store. What am I doing wrong?
You uploaded an APK or Android App Bundle signed with a certificate that is not yet valid. You need to sign your APK or Android App Bundle with a certificate that is currently valid. Find out more about signing. You need to use a different package name because "com.example" is restricted.
Google play will not allow you to upload packages with the name com.example. Rename your packages from com.example.* to com.sonib.* (for example)
Click the link in the error message to learn how to sign your app with a valid certificate. Follow the steps to get a certificate and sign your app. Note: You may need to purchase a secure certificate. This is required to upload public applications to the Google Play Store.
How to sign your app: https://developer.android.com/studio/publish/app-signing
Here is one example of where to buy a certificate: there are many possible vendors, so feel free to shop around.
Where to buy a certificate: https://www.websecurity.symantec.com/code-signing/android
The error message you provided says com.example is restricted as APK package name, so the issue is clearly that you named your application this, which is invalid on Google Play.
Change your project name and you should be good to go.
I have not run into this issue on the Google Play Marketplace, but I would imagine you will also get the same error of you attempt to use the same package name as an application already published in the store.
As far as the certificate goes, I am assuming you are using Android Studio. Simply build a Signed APK from the build menu. This is how I create the APKs I publish on Google Play and I have never had an issue.
I am using Firebase Authentication for authenticating user in my application.
Everything was working fine till I was working on debug build of my application. But the moment I have uploaded the signed apk in playstore, my user authentication service always fails with "Developer Error" message.
On some web research, I find out that I need to generate SHA certificate for my signed apk also. I have generated SHA with locally created ".jks" file, which I have used to sign my application locally before uploading. I have added the generated SHA keys to firebase project console and generated new google-services.json file. Even this approach has not helped me.
I am suspecting that this is happening because I am using "Google Play App Signing (https://developer.android.com/studio/publish/app-signing.html)" which is again changing the certificate. Can anyone please help me and let me know what is the right process for updating SHA keys for release apk.
If play store is doing the app-signing, then how can it be the part of "google-services.json" where SHA keys must be mentioned beforehand?
Please help!!!
Open App signing section in Google Play Console, and get SHA1 of app signing certificate
if you are using local .jks file for signing, you dont need to google play app signing. after adding your .jsk file's fingerprint into firebase console. just sync it in android studio or try to run the app on your phone first after that build a new signed apk. Then upload it on playstore.
I uploaded an apk signed with my keystore to Google play with accidentally enabling Google App Signing option.
I have same apk uploaded at my website.
Now, Due to Google App Signing option, both apks have different signature
Google Play Apk : Signed by Google
Website Apk : Signed by my key
which is causing The apk must be signed with the same certificates as the previous version error on update.
Q) How can I make my Website-apk signed with same signature as Google-Play-signed-apk?
Good question.
Unfortunately there is no way to use the final key provided by Google App Signing and generate your own apk with these key, its use is only internal by google to publish in the store.
Important: App Signing opt-in is permanent Google Play App Signing is
an optional program. If you prefer, you can continue managing your own
keys.
Once you've enrolled your app in Google Play App Signing, withdrawal
is not supported. To preserve the security of your app signing keys,
we don't have the ability to remove keys from the secure server.
Here's more information:
https://support.google.com/googleplay/android-developer/answer/7384423
I'd suggest you to simply extract the apk provided by the Play Store (there are a lot of tools or apps to achieve that), and upload it to your website, or redirect to the Play Store page of your app.
Regards.
Here's how it works:
You have X, your original app signing key that's used to sign the APK that's installed on user's devices - you gave this to Google when you enabled the "App Signing" feature.
You also have Y, the upload key - you use this to sign the APK that you upload to the Play Store.
Google Play will remove the Y signature from the APK you gave it, and will sign the APK with X and send it to the user.
For the APK you want to upload to your website, you need to sign with X
Never lose X, store it in a secure place (like Lastpass Secure notes).
I've developed and uploaded an android app to the Google Play Store, and I "accidentally" clicked the enable Google Play App Signing.. Now my app has been "stuck" at that stage for some hours now, and I'm suspecting the signed .apk (signed by my, by a jks I have on my machine) is not signed with the correct certificate..
Since I clicked enable to the Google Play App Signing, I got a "upload.pem" and a "deployment.pem", but I have no idea on what to do with these to certificates, and absolutely no idea on how to sign my .apk with these/one of these, since the info page only says that you need to use the upload to sign the .apk. (https://support.google.com/googleplay/android-developer/answer/7384423)
So I'm wondering if anyone could help me with what to do, and how to sign the app correctly?..
You do not need to import upload.pem to keystore that you used to sign the APK previously, unless you are using a new keystore to sign the APK. Just sign it with your keystore and upload it to Play Store.
I've created a guide here if you need help with the procedure
just add publish sha1 key in your api console
you have some publish upload sha1 key, md5, another type of hash key. just copy the sha 1 key and paste api console with app package name.
its work for me ,i hope this will help. thak you