gives: PlatformException(sign_in_failed,com.google.android.gms.common.api.ApiException: 10: , null)
I have a flutter app that has ci/cd & Google sign in which fails because of SHA1 change Because of the change of the machine that builds the apk in debug mode so how to make the google sign in work on the ci/cd apk or How to add the ci/cd machine SHA1 to firebase to. make the google sign in work?
You should create a separate signing key for the debug build type or copy the existing one which was created by your development machine.
Copy the debug signing key into your project folder and configure it in gradle.
Example: Create a signing key namend debug.keystore with the alias androiddebugkey and password android. Then create a folder named keystore in your android project directory and copy the keystore into it. You can assign a debug signing key in the app module's build.gradle file like this:
signingConfigs {
debug {
keyAlias 'androiddebugkey'
keyPassword 'android'
storeFile file('.././keystore/debug.keystore')
storePassword 'android'
}
release {
...
}
}
This way all developers and the CI/CD systems use the same debug signign key.
generate keystore like this answer here
open the keystore with keystore explorer here
copy SHA1 & add it to firebase android app
add the keystore to code magic
[EDIT: I have found that if I have "minifyEnabled true" set for release build, then I see the following issue. If removed, issue is resolved. Is this a bug?]
Original post:
I have my library that I am using in my app, as Library project. In that Library I am using raw files that are in "myLibrary\src\main\res" folder. I use resources?.openRawResource(R.raw.file) function to access the file.
This is working fine when I am developing project and run the app on my device. But when I download my published app from playstore, openRawResource() fails and returns nullpointerException.
I opened signed apk in win rar, the raw files are not in there.
Also, when I use the following config to build and install the app on my device using Android Studio, then it works fine.
signingConfigs {
config {
keyAlias 'abc'
keyPassword 'pass'
storeFile file
storePassword 'abcPass'
}
}
Can you tell me what possibly could be wrong?
I am developing for a closed platform and need to sign my apk with platform keys to be able to read from certain protected libraries. since this app additionally is not available on the Google Play store, does this mean that I don't need to sign with any other public private key pair for a release build? currently my workflow is such that we first create the build with gradlew assembleRelease which I assume uses the local.properties to sign my apk given the current build.gradle setup:
release {
keyAlias 'androiddebugkey'
keyPassword 'android'
storeFile file('./debug.keystore')
storePassword 'android'
}
if I am subsequently using apksigner to sign with the platform credentials, does that render the aforementioned release build.gradle config pointless?
So it looks like the gradle configuration is used for a particular build type, or the alternative is to use zipalign and apksigner on the apk generated from the gradle task. So if i wanted to continue using apksigner i should remove the build.gradle configuration. I guess theoretically it was signing again the app twice, but since the last one was the non-debug keys, it didn't really matter.
For reference:
https://developer.android.com/studio/build/building-cmdline#gradle_signing
I am trying to upload the latest version bundle of an app that is already in the Google Play Console and I received this message:
You uploaded a debuggable APK or Android App Bundle.
I have not defined android:debuggable in AndroidManifest.xml.
If I try to define android:debuggable = "false" I get an error telling me that I should avoid hardcoding the debug mode as the system now assigns that as required.
How can I please both Android Studio and Google Play Console in their seemingly mixed messages?
It seems like you are uploading the debug variant of the app instead of the release one. Since the app you are uploading already has a previous version on Google Play, you will need to upload a release variant signed with the same key as the previous one.
Check if you have the following in your app level build.gradle
signingConfigs {
release {
storeFile file("...")
storePassword "..."
keyAlias "..."
keyPassword "..."
}
}
If it does, you can build the release variant by the command
./gradlew assembleRelease
If your build.gradle does not have the release signing config, then it must have been signed using Android Studio's "Generate Signed Build" option, and you will have to get the keystore file from the person who generated it in the first place.
You can read more about app signing here
The answer from #basilisk led me towards the solution by referring to the build.gradle file where debuggable true had been set for me. I changed this to debuggable false and the Console would now accept my app bundle without any warnings.
So in short check if debuggable is set in build.gradle as well as in AndroidManifest.xml.
Some time ago I created an example project (lets call it "example project") with Oauth2 client id for android application in Google APIs console. I also added SHA1 fingerprint and package name (for example com.package.name).
My mistake was that an application with same package name already existed. Now I need to create an Oauth2 client id for android application in the "valid project" with package name com.package.name and with SHA1 fingerprint which I added before. Obviously when I tried to add this fingerprint I got an error.
The signing fingerprint you specified is already used by another Android OAuth2 client.
After that I remembered about "example project" and deleted client id from this project. The problem is that I still not able to add this fingerprint for package name com.package.name. Client id is deleted but still I have the same error as above.
So do I have a possibility to use this fingerprint for the same package name in another project?
This error occurs when there is an existing SIGNING CERTIFICATE FINGERPRINT (SHA1) on Google Developers linked to a different account.
Solution is to delete the project that is using that SHA1 in console.developers.google.com for the old/incorrect project.
You cannot change the SHA1 fingerprint once it is set.
Remember that deleting the project takes 7 days to completely remove it.
Another option is to delete the debug.keystore and generate a new one with:
keytool -genkey -v -keystore debug.keystore -alias androiddebugkey
-storepass android -keypass android -keyalg RSA -validity 14000
Remember you have to uninstall the app otherwise you get the [INSTALL_FAILED_UPDATE_INCOMPATIBLE] error.
The signing fingerprint you specified is already used by another
Android OAuth2 client
I have to check every project and tried to find another Client ID configured with the SHA1 fingerprint and package name that i tried to configure, unsuccesfully.
At the end the solution was delete the client ID that i tried to edit and add again with the SHA1 fingerprint and package name, it worked for me:
https://console.developers.google.com/apis/credentials
It's late but worth. I have done the same mistake. I added a project to firebase in the wrong account then I deleted and try to add in another firebase account but I couldn't do it because the error indicates that the project is already registered. So it takes time to round about 5 to 7 days to completely delete.
Here is the step I followed to generate another sha1.
Go to .android in my pc located. C:\Users\shahz.android.
delete debug.keystore.
rebuild android project.
click on signing report (right side bar click gradle,
app/task/android/siginingReport)
you will get a new debug key with new sha1.
register your app.
If you are using each firebase project for each env as I am, the below approach might be helpful.
In your build gradle, create new application id for each env:
productFlavors {
dev {
applicationId "se.abc.dev"
}
stag {
applicationId "se.abc.stag"
}
prod
}
On each firebase project, add a new project with corresponding application id with the same finger print. Remember to download the new google service json file since the application id was changed. The package name remains the same so it would not be a problem when uploading into google play. But for sure, I leave the prod flavor empty, so the package name and application id will be the same for prod release to avoid trouble.
As someone could wanna use the same application through two or more firebase projects for many reasons and so get this error I here do address this particular scenario. The esiest way to run the same application upon two or more different firebase projects (let’s say production and staging) is to add to your Module level build.gradle file a build variant (let's say staging) like this one:
apply plugin: 'com.android.application'
apply plugin: 'com.google.firebase.firebase-perf'
android {
compileSdkVersion 27
buildToolsVersion "27.0.3"
defaultConfig {
applicationId "com.mydomain.myapp"
minSdkVersion 19
targetSdkVersion 27
versionCode 18
versionName "2.8"
testInstrumentationRunner "android.support.test.runner.AndroidJUnitRunner"
multiDexEnabled true
}
buildTypes {
release {
minifyEnabled false
proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
}
staging {
initWith debug
applicationIdSuffix ".staging"
versionNameSuffix = "-staging"
}
}
}
dependencies {
[...]
}
// Firebase
apply plugin: 'com.google.gms.google-services'
In the build variant staging what's most important is the line:
applicationIdSuffix ".staging"
This will inject at build time a ".staging" suffix to your application ID so that you will automatically have
applicationId "com.mydomain.myapp.staging"
You than need to add this application ("com.mydomain.myapp.staging") to your firebase staging project and so you will be able to add the same "com.mydomain.myapp" SHA1 to this application, because it has a different application ID.
I have faced same problem, its solution is very simple
Go to Console.developer and you can see some auto generated key created with this package. delete that package and add again sha key. hope you will got success. follow this link
https://console.developers.google.com/apis/credentials?
Ran into this issue today. As the project takes a long time to get completely deleted, the easiest way is to create a new SHA1 by simply deleting the local debug.keystore. It get's auto generated when you run any app after deleting it. This is documented in the Android docs here.
I'll note that this if your app is listed in the play store, you probably don't want to change the package name and you probably don't want to replace the production key (as you'll be forced to make a new listing).
If you're absolutely sure that there are no currently active projects making use of the current package-name/fingerprint pair, one final thing to try: Make a completely new credential. You'll have to replace your credential file in the application.
I didn't expect this to help, but it did. Maybe Google is somehow caching the lookup? "This packagename/fingerprint/clientID lookup is a duplicate, so don't bother looking it up again."
Sometimes it occurs becuase you have linked the app with Google Cloud Platform project for an API like Google Signin. So firebase shows OAUTH2 issues. At one time either you can use Auth service by firebase or gcp.
Possible Solution: Try to remove the Google Cloud Platform or create a new Android Project in Android Studio.