You uploaded an APK with an invalid signature (learn more about signing). Error from apksigner: ERROR (Jar signer CERT.RSA): JAR signature META-INF/CERT.SF indicates the APK is signed using APK Signature Scheme v2 but no such signature was found. Signature stripped?
Im doing this with Cordova, signed it and then aligned it, i dont really know what im missing here..
Do alignment (if you really need it) before signing
https://developer.android.com/studio/publish/app-signing.html#signing-manually
I was facing the same problem with my Cordova project and was able to resolve it by following the steps below: (took 2 days to figure out the solution :D hope it works for anyone who lands in here.)
Import your project in AndroidStudio
Under Build Click on Generate Signed Bundle / APK
Select Android App Bundle
Update Keystore file/password and all requested details (Please select the option of the export encrypted key, as you will require to upload this on the playstore)
Select Release
Before uploading the app bundle you need to upload the certificate (the one you download in step 4)
(optional step) You will also see an auto-generated App signing key certificate you can download that if you want
Upload the App Bundle & you can now release the App to PlayStore.
I've just found that error with multiple APKs from different projects. What they had in common (from a user's perspective) was they were compiled in the same narrow time frame (within a few weeks, and about a year ago).
I've contacted the resp. developers via their corresponding Github repo. In all cases, the issue solved itself by compiling the very same code again with an updated version of Android Studio.
So if it's not the "processing order" explicitly performed by you (yes, with v2 signing must be the very last step or the signature will be broken), it might well be there was a bug in a specific version of Android Studio and, as shown, updating to the recent version and simply recompiling will solve the issue.
Related
Recently trying to create a new App and upload a brand new APK with self signed certificate (Not Google App Signing) Results in the following error
You uploaded an APK or Android App Bundle that is signed with a restricted certificate. You need to upload an APK or Android App Bundle signed with your own certificate.
I don't believe this error is entirely correct as I do sign the certificate myself locally, this seems like a recent change to our on boarding process and opt-in is now default for google app signing but our infrastructure doesn't have the right pipeline for this yet.
Is there any other things to verify and test, as I see the keystone file is still there and there's no build errors when it's being signed. Also this is a brand NEW application I don't understand why this error would occur for the initial upload since there's no other keys to check against.
I've searched the net but most issues appear to be happening in 2018 and this is more of a recent change that started to occur for us.
EDIT: This is using Cordova build tools not through Android Studio.
Try to follow these trouble shoot steps and see if that will solve your issue:
Clear everything in the Release folder, present in app->build->outputs->apk->release.
Generate new signed apk which will get created in the same above mentioned directory.
Make sure you are bumping the version code.
I don't have a full answer as to Why it was failing, however right after the build for cordova build android --release that APK will upload. But If I use that APK in an emulator to test something first that APK is no longer valid to upload and I get the error pasted above.
basically in our pipeline I had to create a copy of the APK right before creating screenshots and then use the copied APK to upload onto google console.
I am getting old bugs on my app which were already fixed in previous builds, the weird thing is these bugs only occurs when I download my app from the playstore. The app works without any bug or crash when I download the apk from my playconsole release dashboard or internal test(I tried both the original and modified download option). All of the apks are the exact same build version.
I have already tried to check the hash of the apks by doing the following:
Download apk from internal test dashboard (modified version)
Download apk from release dashboard (modified and original versions)
Download the app from playstore then get apk via adb
Then I generate hash using the command
openssl dgst -md5 appname.apk
and got same hash for apks from 1 and 2. However, for 3 the hash is different and it's also the only apk with all the bugs that were already fixed. I am not sure what causes this and I don't know it normally the hash from store and release dashboard are normally different. Thankyou for any help.
When you upload your app on play console, its again re-signed apk using PEPK tool for security. That's why you get different SHA-1 key from play console.
You can get more information from this link
You'll get setps for getting this SHA-1 back from your play console. Download PEPK.jar from your console & get SHA-1 key via cmd.
This will help you. see this command
Cannot install signed release APK on my phone and cannot upload it on Play Store.
I created a signed release APK with V1 and V2 JAR signatures check boxes checked. When I try to put the APK on my phone and install it gives:
App Not Installed
I double checked and I don't have the app installed with the same package name; I removed it for all users.
After no luck, I thought of uploading it to Play Store using Test Draft, but
as soon as I upload the same signed release APK, it gives me the error:
No JAR Signature.
I'm using Android Studio Version 3.3 and I'm dealing with a Play Store Jar Signature error (double checked V1 and V2 checkboxes and both are checked).
Play Store error:
Generating release APK with Android 3.3 (latest as of now) produces same error on APK installation and during the Play Store upload.
Generating signed release APK with my other system which have Android version 3.1 works fine (APK installation and Play Store upload without any errors).
It may be a fix, but still the source of the error is not found.
It looks like your APK is not signed. You can verify this locally by running the following command:
jarsigner -verify app.apk
If the app is signed (with v1 signing), it should output jar verified.
Are you sure that you are uploading the APK that is signed and not an old build or an intermediate artifact?
Try using third Party Software for Signing. That fixed it for me I was having the same issue and nothing else helped. FYI you can still use the key you generated in Android Studio.
You have to Check many factors on this issue.
add this line in your manifest. 'android:testOnly="false"'
add this line in your build.gradle app 'multiDexEnabled true'
After this all you have to open setting in your mobile allow from unknown source and also allow from source like from files or whatsapp from where you want to install this application.
check image for more understandings
enter image description here
Upload new APK to Alpha
Upload failed
You uploaded an APK with an invalid signature (learn more about
signing). Error from apksigner: ERROR: JAR_SIG_NO_SIGNATURES: No JAR
signatures
Not sure what to do, I'm just trying to make an Alpha release of an Android Studio project..
You can see from the error that there is no jar signature.Select both the checkboxes for signature versions (v1 and v2) in last step and then build the apk. It will work
I was getting this error when I updated to android studio 3.3, the solution was remove the build folder, and then try again.
I think that you probably simply accepted the default configuration settings during the APK signup process in Android Studio. This is ok most of the time, but might generate a slight confusion if you use Android 7.0+ Indeed from version 7.0, Android intruduces the new V2 Signature Scheme in addition to the "old" V1. The new scheme is supposed to offer faster app install times and more protection against unauthorized alterations to APK files, and it is therefore the default scheme in Android Studio's "Generate Signed APK" dialog box.
The problem is that Google Play in your case wants the V1 scheme to be applied, that is the JAR signing, rather than the APK signing as in V2. The Google Play documentation explicitly states that: "Although we recommend applying APK Signature Scheme v2 to your app, this new scheme is not mandatory. If your app doesn't build properly when using APK Signature Scheme v2, you can disable the new scheme.".
The solution that I have found in those cases is to enable both, as shown in the screenshot below. Once you do that the signed APK should be accepted without problems by the Google Play versions management system.
Generate Signed APK dialog box in Android Studio
This is the complete procedure:
in Android Studio, select "Build > Select build variants" and make sure that the "release" variant is selected
select "Build > Generate Signed APK" and enter the information about your keystore. I suppose that you have already created a signed APK in your previous try so these fields should be already set to the latest values. Click [Next].
the next screen is where you have to make sure to check both V1 and V2 as the signature versions, afterwards click [Finish] to generate the APK.
Build -> Clean project
Select the checkboxes for signature versions v1 and v2
It worked, when selected only V1 (Jar Signature) :-)
Many hints spread across the comments above but these steps are what (FINALLY) worked for my Android (Cordova) app as of 11/2019:
Increment Android Build/Version Number in Manifest (if necessary)
Run cordova build android
Open project in Android Studio
Run Build > Clean Project
Run Build > Generated Signed Bundle / APK
Fill out dialogs and ONLY check the "V1 JAR" sign checkbox - did not check the "V2 Full APK Signature" checkbox.
Upload APK to Google Play Dashboard
Cross your fingers
First remove your project's build folder, then generate apk or bundle again. This solution was fixed the issue for me.
Make sure you're using the right certificate key file and follow these steps in Android Studio:
Click Build -> Clean Project
Click Build -> Generate Signed Bundle / APK
Follow the steps and make sure you've selected both options in "Signature Versions" (V1 - Jar Signature and V2 - Full APK Signature)
That should work!
That error was done after I updated my Android Studio to latest version and built again.
(PS: Now I am getting the error "Your app currently targets API level 26 and must target at least API level 29 to ensure it is built on the latest APIs optimized for security and performance. Change your app's target API level to at least 29" but this appears simple to solve...)
I have an updated version of Android Studio. Therefore, I don't have the option to check both v1 and v2.
Build Clean and Generate Signed Bundle/APK again worked for me.
I met strange thing to upload my apk on Google Store.
I needed to upgrade my app so I rebuild APK with the same keystore file which was used in last one.
But I got this issue. This is unity project.
I checked all build settings including short bundle version and build version on Unity Editor, but I couldn`t find the strange thing.
I upgraded build version and short bundle version and tried to upload APK on Google Store, but I got the same issue.
How Can I solve this problem?
Please let me know what the cause of this issue is.
The SHA1 hash for the two applications are technically different. So there are really only two options:
You are actually signing the APK with the wrong key. I would run a quick SHA-1 over what you think is the signing key to verify before doing anything else.
This is the LEAST likely. Something is wrong with your signing setup - I don't know how you produce artifacts (CI, manually, etc) but you could always try signing your APK manually without any tools to verify it isn't the problem of something else https://developer.android.com/tools/publishing/app-signing.html
Being blunt, 1 is much more likely than 2. So I would first start checking the hashes of other *.jks files you have nearby before venturing down the path of verify tool correctness.
You're using a different keystore. There is sometimes a keystore for debugging, and a keystore for the release. Ensure you're not using the incorrect one.