We currently use a app creator that creates the app package for us. They use an app name convention that have their domain name in the url, ex: com.theirname.ourapp
We are working on a new native app, and will stop using the app creator that we must pay monthly and also did not cover all our needs.
My question is: Do they own the "com.theirname.ourapp" package name? or could we deploy the new app using the same name? We have almost 100K installs, and will not like to star fresh with a new package name. Could they ask or force us to stop using "their" package name?
Thanks,
Luis
The package name is the smaller. The problem i can see is the key. When you create an app you need to generate de APK. APK is the package to install the app id all devices, but the updates need a new one APK signed with the same key. The package you can change and sometimees give you problems, you nd to be carefull with that, but the key always has to be the same. The key has a passwords and then you need to know too.
In the wide world of Android, no-one owns the package name, ignoring legal questions like trademark or copyright. If you are interested in these then you should consult a lawyer, not stackoverflow.
However, in the world of Google Play, the most popular app store on Android, then each package name belongs to a developer account.
If you generated the app with the App creator, and the app creator uploaded it to Google Play, then it will be associated with their developer account. You will also have other propblems, like it being signed with a signing key that they own, not you.
if you generated the APK file with the App creator, and then downloaded it. Then you uploaded it to Google Play later, then the package name is associated with your developer account. You might still have problems with the signing key, unless you signed it yourself.
Any responsible App creator should let you transfer ownership, and also be prepared to let export the signing key. If they don't this is a problem. If this turns out to be the case, you might want to contact Google Play developer support to see if they can help you. I don't know what would be done in this scenario. If this is the case then I'd also share the name of the App creator in your question as a warning to other App developers.
Related
I am a newbie android developer, my latest app has package name of com.myWebsite.appName, is that ok since it will be uploaded to the client google play account, or should I change it to com.clientWebsite.appName
I will create my own developer account very soon, and I want to make sure that won't cause me problems in future when I use com.myWebsite in my package in future and upload them to my own personal account
Thank you
MORE CLARIFICATION
So can I have com.myWebiste.appName1 under a developer account and com.myWebsite.appName2 under another developer account ?
Spend some time and go through this link on Android package names. The store requires each app to have a unique package name hence the need to use com.clientWebsite.appName in the event that in future you may need to publish your own app with com.myWebsite.appName as its package. We've all been there
There's a developer interested in purchasing one of my apps (the only one that actually have users), meaning I would need to send him the original source code, the keystore and request Google for a transfer following this link: https://support.google.com/googleplay/android-developer/answer/6230247?hl=en
The issue is: all my apps use the same certificate from the same keystore.
So my question is: Would it be possible for the new developer to hijack any of my other apps?
I believe that the answer is "No. A device would allow another apk signed with the same certificate and with the same package name to update on the device, but Google Play wouldn't allow the developer to upload another app with the same package name as any of my other apps".
But I'm not sure on that and I would like further tech details on it.
As I said, the other apps I have are not important and I could just as well unpublish them. But I rather not, and even if I do, the question is still valid.
ps.: yeah, now I've learned that I should have 1-certificate per app.
The package name of your application is unique in the Play Store. It is how devices (and the Play Store) identify your application, and thus must be unique and cannot be changed. Android will not allow your users to install two applications with the same package name.
However, giving your keystore to another developer is still risky. The Play Store employs two gates when updating an application:
First, you must have access to the account that owns the application.
Second, you must have an APK signed with the correct keystore
By giving someone access to your keystore, you remove one of the two security checks. If the new owner of the application where to gain access to your developer account, they could re-publish the other applications as well. There's also the risk of this new owner selling the keystore and application to someone else in the future who might do the same thing.
Theoretically if your account is secure, then your other applications are also safe from hijacking.
Whether this risk is acceptable is up to you.
They could sign an APK and encourage your existing users to sideload it. When sideloading, the app isn't going to be able to know if it came from you or them. But the Play store itself won't let them upload an app that you haven't transferred to them.
Normally, part of the agreement when the buyer buys and app that using a key used by other apps would include a small snippet that the buyer must protect the key. This agreement would be bilateral anyways, since you could in theory hijack their users by sideloading a signed APK.
Would it be possible for the new developer to hijack any of my other
apps?
No way in the world its possible for him to do anything to any other of your apps unless you give him your keystore.
Your keystore is the key to all your applications and you should never share it with anyone. Having an app signed with your keystore in my developer account would never ever let me do anything to your own apps.
Anybody can have apps publish in plays store with different keystores.
My app is not yet in production. But I just released it to public alpha (no users yet). Anyway, I realized that I signed my app with the wrong key and I need to change that. What are the consequences. Does that mean I can no longer use my package name, my app name, what do I lose? Or will I be able to simply keep absolutely everything except the apk. thanks for any detailed help and loophole avoidances.
Per the Things that cannot change blog post:
Just as important as the manifest package name is the certificate that application is signed with. The signing certificate represents the author of the application. If you change the certificate an application is signed with, it is now a different application because it comes from a different author. This different application can’t be uploaded to [Google Play] as an update to the original application, nor can it be installed onto a device as an update.
Therefore if you'd like to change your signing key, you will also need to change your package name. Everything else can stay the same.
I was recently hired to rewrite an existing Android project. The old project was published to Google Play, but I do not have access to the source files or the certificate that was used to sign it.
I finished my project, but I'm unable to publish it as a replacement for the old version because I signed mine with a different certificate. Google Play is also complaining because I used a different package name than the original project.
Is there any way around these roadblocks?
It is a new application from GooglePlay perspective. So you can only publish it as new application
As you changed its package name....the only option you have to publish it as a new app on google play
It's a different app if it has a different package name; this is fundamental to Android. Package names are how you refer to a specific app in code and how you search for a specific app, among other things. If you want it to be the same app, keep the same package name!
If it is signed with a different certificate, it can't be installed as an upgrade. This is presumably so you can't install an app with the same package name as another app and read its private data — you have to delete the app (and its data) first (the benefit is limited, of course: you can uninstall the real app and install a lookalike malicious app and steal the user's data that way). This is a bit of a limitation in Android (it doesn't handle certificate expiry, for one) and might be fixed at some point, but I don't expect it to happen any time soon.
I've been in the same situation before — the original developer lost the signing key for one app but not the other. We changed the package name and released it as a new app.
Application names on Google Play don't need to be unique, and it's possible to request Google to remove violating apps through trademark claims or DCMA. What's not really clear, however, is how it works with package names.
What if I'm developing "the Google app" (forgive me for a silly example) but somebody beats me to registering com.google?
Can I prevent this from happening by uploading a signed, though unpublished APK to Google Play? Or do I actually have to publish the empty app?
Can I request Google Play to remove the existing app with its package name (and allow me to take it) because they've illegitimately used "google" in the package name?
Another question appears here on Stack Overflow, but doesn't really address package names.
Yes. Just make a build of the app, sign it, submit it to your account, but Save, don't Publish. You've then reserved your package name, but nothing is publicly visible.
You can make a Copyright claim, whether you get anywhere is another matter...
Most normal people won't care or even notice what's in the package name, so for me I'd be more concerned about the branding and whether someone else were using a copy of my branding to promote their own offering.