I made an app and I published it on the PlayStore.
I made an update and now I'm trying to re-import it into the Android publish web site.
I generated my app like this : (with Android Studio)
Build
Generate Signed APK...
I choosed my app
Click "next"
And I used the same key, same password etc ...
The apk is succefully generated (and signed).
But when I tried to upload the app on the publish website (to update the app online) it tells me:
You have imported an APK file without a signature. You must create an APK file with a signature.
Have you got an idea why it's crashing?
It's contradincting, Android studio tells me that the signed app is generated but the website tells me it's not a signed app.
EDIT :
I tryed to "Build -> Clean Project" and "File -> Invalidate Caches / Restart..." without success. I also tryed to make a new project, copy past all code and retry :/
I assume that you're creating your keystore correctly and none of the solutions in AMAN SINGH's answer worked for you.
There's a new signing scheme in Android called Apk Signing Scheme v2.
https://source.android.com/security/apksigning/v2
When you're signing your apk there're two checkboxes.
v1 (jar signing)
v2 (apk signing)
v1 signature is required, if the APK's minSdkVersion is 23 and lower. Android versions before Android Nougat (API Level 24) ignore v2 signatures so apks which don't have a valid v1 signature will be rejected by Play Store.
In Android 7.0, APKs can be verified according to the APK Signature
Scheme v2 (v2 scheme) or JAR signing (v1 scheme). Older platforms
ignore v2 signatures and only verify v1 signatures.
Edit:
Thanks Alex Klyubin for information.
I don't understand the language in which the image is there but if you already uploaded your APK once then,
*) You need to use same signed keystore signature which you used first time at generating signed APK.
*) Check your Manifest.xml, android:debuggable="true" if this is there remove this line or make debuggable="false"
*) check `versionCode' should be greater than last uploaded
*) Check versionName should be greater than last uploaded
*) Tick Mark in both the column while building the Signed APK
Related
Cannot install signed release APK on my phone and cannot upload it on Play Store.
I created a signed release APK with V1 and V2 JAR signatures check boxes checked. When I try to put the APK on my phone and install it gives:
App Not Installed
I double checked and I don't have the app installed with the same package name; I removed it for all users.
After no luck, I thought of uploading it to Play Store using Test Draft, but
as soon as I upload the same signed release APK, it gives me the error:
No JAR Signature.
I'm using Android Studio Version 3.3 and I'm dealing with a Play Store Jar Signature error (double checked V1 and V2 checkboxes and both are checked).
Play Store error:
Generating release APK with Android 3.3 (latest as of now) produces same error on APK installation and during the Play Store upload.
Generating signed release APK with my other system which have Android version 3.1 works fine (APK installation and Play Store upload without any errors).
It may be a fix, but still the source of the error is not found.
It looks like your APK is not signed. You can verify this locally by running the following command:
jarsigner -verify app.apk
If the app is signed (with v1 signing), it should output jar verified.
Are you sure that you are uploading the APK that is signed and not an old build or an intermediate artifact?
Try using third Party Software for Signing. That fixed it for me I was having the same issue and nothing else helped. FYI you can still use the key you generated in Android Studio.
You have to Check many factors on this issue.
add this line in your manifest. 'android:testOnly="false"'
add this line in your build.gradle app 'multiDexEnabled true'
After this all you have to open setting in your mobile allow from unknown source and also allow from source like from files or whatsapp from where you want to install this application.
check image for more understandings
enter image description here
I want to release a new application. And I have created a keystore specifically for that application. When on the Google console I accidentally clicked on enabling Google Play App Signing. My APK upload failed because it did not match the application signer. I have long lost the application keystore before. How can I release a new application with a new keystore? Explanation from Google makes me even more confused, can I give me the order that I have to do.
My error on console looks like this:
And the upload certificate section is written like this:
Your application does not have an upload certificate. The certificate
you use to sign the first APK will be used as an upload certificate.
While generating signed APK, Just check on Both signatures version i.e
I want confirmation that I have found the answer, via this link
[Android Signed APK showing as Unsigned APK when trying to upload to production
I have to check both options when generating a signed APK.
There are three choices available to us:
select V1 (For older version of signing) - apk gets uploaded
successfully
select V2 (For newer version of signing) - Please note that selecting
this alone will not work.
select V1 and V2 (For older and newer version) - apk gets uploaded
successfully
Why selecting V2 alone does not work ?
Because APK Signature Scheme v2 was introduced in Android 7.0
(Nougat). To make a APK installable on Android 6.0 (Marshmallow) and
older devices, the APK should be signed using JAR signing before being
signed with the v2 scheme.
thank you for participating in helping find answers
Please select at least one of the signature versions to use in Android Studio 2.3
Now while generating a signed APK in Android Studio, it's showing two options (CheckBox) namely 1. V1 (Jar Signature) and 2. V2 (Full APK Signature) as Signature Versions in the last step of signed APK generating process.
So, what is the difference between V1 (Jar Signature) and V2 (Full APK Signature) in the new Android Studio update?
And which should I use (or both) for signing apk for play store release?
Also, I'm getting error Install Parse Failed No Certificates while installing APK when I use the second option.
It is a new signing mechanism introduced in Android 7.0, with additional features designed to make the APK signature more secure.
It is not mandatory. You should check BOTH of those checkboxes if possible, but if the new V2 signing mechanism gives you problems, you can omit it.
So you can just leave V2 unchecked if you encounter problems, but should have it checked if possible.
UPDATED: This is now mandatory when targeting Android 11.
Should I use(or both) for signing apk for play store release?
An answer is YES.
As per https://source.android.com/security/apksigning/v2.html#verification
:
In Android 7.0, APKs can be verified according to the APK Signature Scheme v2 (v2 scheme) or JAR signing (v1 scheme). Older platforms ignore v2 signatures and only verify v1 signatures.
I tried to generate build with checking V2(Full Apk Signature) option. Then when I tried to install a release build in below 7.0 device and I am unable to install build in the device.
After that I tried to build by checking both version checkbox and generate release build. Then able to install build.
It is written here that "By default, Android Studio 2.2 and the Android Plugin for Gradle 2.2 sign your app using both APK Signature Scheme v2 and the traditional signing scheme, which uses JAR signing."
As it seems that these new checkboxes appeared with Android 2.3, I understand that my previous versions of Android Studio (at least the 2.2) did sign with both signatures. So, to continue as I did before, I think that it is better to check both checkboxes.
EDIT March 31st, 2017 : submitted several apps with both signatures => no problem :)
According to this link: signature help
APK Signature Scheme v2 offers:
Faster app install times
More protection against unauthorized alterations to APK files.
Android 7.0 introduces APK Signature Scheme v2, a new app-signing
scheme that offers faster app install times and more protection
against unauthorized alterations to APK files. By default, Android
Studio 2.2 and the Android Plugin for Gradle 2.2 sign your app using
both APK Signature Scheme v2 and the traditional signing scheme, which
uses JAR signing.
It is recommended to use APK Signature Scheme v2 but is not mandatory.
Although we recommend applying APK Signature Scheme v2 to your app,
this new scheme is not mandatory. If your app doesn't build properly
when using APK Signature Scheme v2, you can disable the new scheme.
I think this represents a good answer.
APK Signature Scheme v2 verification
Locate the APK Signing Block and verify that:
Two size fields of APK Signing Block contain the same value.
ZIP Central Directory is immediately followed by ZIP End of Central Directory record.
ZIP End of Central Directory is not followed by more data.
Locate the first APK Signature Scheme v2 Block inside the APK Signing Block. If the v2 Block if present, proceed to step 3. Otherwise, fall back to verifying the APK using v1 scheme.
For each signer in the APK Signature Scheme v2 Block:
Choose the strongest supported signature algorithm ID from signatures. The strength ordering is up to each implementation/platform version.
Verify the corresponding signature from signatures against signed data using public key. (It is now safe to parse signed data.)
Verify that the ordered list of signature algorithm IDs in digests and signatures is identical. (This is to prevent signature stripping/addition.)
Compute the digest of APK contents using the same digest algorithm as the digest algorithm used by the signature algorithm.
Verify that the computed digest is identical to the corresponding digest from digests.
Verify that SubjectPublicKeyInfo of the first certificate of certificates is identical to public key.
Verification succeeds if at least one signer was found and step 3 succeeded for each found signer.
Note: APK must not be verified using the v1 scheme if a failure occurs in step 3 or 4.
JAR-signed APK verification (v1 scheme)
The JAR-signed APK is a standard signed JAR, which must contain exactly the entries listed in META-INF/MANIFEST.MF and where all entries must be signed by the same set of signers. Its integrity is verified as follows:
Each signer is represented by a META-INF/<signer>.SF and META-INF/<signer>.(RSA|DSA|EC) JAR entry.
<signer>.(RSA|DSA|EC) is a PKCS #7 CMS ContentInfo with SignedData structure whose signature is verified over the <signer>.SF file.
<signer>.SF file contains a whole-file digest of the META-INF/MANIFEST.MF and digests of each section of META-INF/MANIFEST.MF. The whole-file digest of the MANIFEST.MF is verified. If that fails, the digest of each MANIFEST.MF section is verified instead.
META-INF/MANIFEST.MF contains, for each integrity-protected JAR entry, a correspondingly named section containing the digest of the entry’s uncompressed contents. All these digests are verified.
APK verification fails if the APK contains JAR entries which are not listed in the MANIFEST.MF and are not part of JAR signature.
The protection chain is thus <signer>.(RSA|DSA|EC) → <signer>.SF → MANIFEST.MF → contents of each integrity-protected JAR entry.
Upload new APK to Alpha
Upload failed
You uploaded an APK with an invalid signature (learn more about
signing). Error from apksigner: ERROR: JAR_SIG_NO_SIGNATURES: No JAR
signatures
Not sure what to do, I'm just trying to make an Alpha release of an Android Studio project..
You can see from the error that there is no jar signature.Select both the checkboxes for signature versions (v1 and v2) in last step and then build the apk. It will work
I was getting this error when I updated to android studio 3.3, the solution was remove the build folder, and then try again.
I think that you probably simply accepted the default configuration settings during the APK signup process in Android Studio. This is ok most of the time, but might generate a slight confusion if you use Android 7.0+ Indeed from version 7.0, Android intruduces the new V2 Signature Scheme in addition to the "old" V1. The new scheme is supposed to offer faster app install times and more protection against unauthorized alterations to APK files, and it is therefore the default scheme in Android Studio's "Generate Signed APK" dialog box.
The problem is that Google Play in your case wants the V1 scheme to be applied, that is the JAR signing, rather than the APK signing as in V2. The Google Play documentation explicitly states that: "Although we recommend applying APK Signature Scheme v2 to your app, this new scheme is not mandatory. If your app doesn't build properly when using APK Signature Scheme v2, you can disable the new scheme.".
The solution that I have found in those cases is to enable both, as shown in the screenshot below. Once you do that the signed APK should be accepted without problems by the Google Play versions management system.
Generate Signed APK dialog box in Android Studio
This is the complete procedure:
in Android Studio, select "Build > Select build variants" and make sure that the "release" variant is selected
select "Build > Generate Signed APK" and enter the information about your keystore. I suppose that you have already created a signed APK in your previous try so these fields should be already set to the latest values. Click [Next].
the next screen is where you have to make sure to check both V1 and V2 as the signature versions, afterwards click [Finish] to generate the APK.
Build -> Clean project
Select the checkboxes for signature versions v1 and v2
It worked, when selected only V1 (Jar Signature) :-)
Many hints spread across the comments above but these steps are what (FINALLY) worked for my Android (Cordova) app as of 11/2019:
Increment Android Build/Version Number in Manifest (if necessary)
Run cordova build android
Open project in Android Studio
Run Build > Clean Project
Run Build > Generated Signed Bundle / APK
Fill out dialogs and ONLY check the "V1 JAR" sign checkbox - did not check the "V2 Full APK Signature" checkbox.
Upload APK to Google Play Dashboard
Cross your fingers
First remove your project's build folder, then generate apk or bundle again. This solution was fixed the issue for me.
Make sure you're using the right certificate key file and follow these steps in Android Studio:
Click Build -> Clean Project
Click Build -> Generate Signed Bundle / APK
Follow the steps and make sure you've selected both options in "Signature Versions" (V1 - Jar Signature and V2 - Full APK Signature)
That should work!
That error was done after I updated my Android Studio to latest version and built again.
(PS: Now I am getting the error "Your app currently targets API level 26 and must target at least API level 29 to ensure it is built on the latest APIs optimized for security and performance. Change your app's target API level to at least 29" but this appears simple to solve...)
I have an updated version of Android Studio. Therefore, I don't have the option to check both v1 and v2.
Build Clean and Generate Signed Bundle/APK again worked for me.
I signed my APK in Android Studio 2.3 (build->generate signed APK). When I'm trying to upload it to Google Play store it is showing the error that I've uploaded unsigned APK. Could anyone answer why it is happening and how to solve it?
It uploaded successfully when I checked V1 (Jar Signature) instead of V2 (Full APK Signature) while generating the signed APK in Android Studio 2.3
Android 7.0 introduces APK Signature Scheme v2, a new app-signing scheme that offers faster app install times and more protection against unauthorized alterations to APK files.
While generating signed apk there are two checkbox .
V1 (Jar Signature)
V2 (Full apk Signature)
There are three choices available to us:
select V1 (For older version of signing) - apk gets uploaded successfully
select V2 (For newer version of signing) - Please note that selecting this alone will not work.
select V1 and V2 (For older and newer version) - apk gets uploaded successfully
Why selecting V2 alone does not work ?
Because APK Signature Scheme v2 was introduced in Android 7.0 (Nougat). To make a APK installable on Android 6.0 (Marshmallow) and older devices, the APK should be signed using JAR signing before being signed with the v2 scheme.
For more information jump here
Signed for Both v1 and v2. It will upload Successfully.
This is because you are using only v2 signature while taking release build.
So what is v1 and v2 mentioned?
v1 is the default signing mechanism and v2 is the newest mechanism added, which verifies much faster. This means v2-signed APKs install/update a bit faster on Android Nougat (Android 7.0, API Level 24) and newer.
So what should you do?
If you want to sign app without any changes
Check v1 (jar Signature only) which is the default.
If you want the newest signature and support for 7.x versions
Check v2 (Full Apk Signature) Which also reduces app size.
If you want app to be smaller, able to install faster and compatible with all Android versions.
Check both v1 and v2.
PS: Only applicable for signing apps with Studio, other than using pipes to build.
For more refereces Link
How To sign APK using V2
https://developer.android.com/studio/command-line/apksigner.html
Step 1) Android Studio, select View > Tool Windows > Terminal
gradlew assembleRelease
2) Align the unsigned APK using zipalign:
zipalign -v -p 4 my-app-unsigned.apk my-app-unsigned-aligned.apk
3) Sign your APK with your private key using apksigner:
apksigner sign --ks my-release-key.jks my-app-unsigned-aligned.apk --out my-app-release.apk
Note: To use the apksigner tool, you must have revision 24.0.3 or higher of the Android SDK Build Tools installed. You can update this package using the SDK Manager.
4) Verify that your APK is signed:
apksigner verify my-app-release.apk
Note: step 2 to 4 Perform in Command Prompt G:\AndroidStudio\Sdk\build-tools\25.0.0\
If you reach this, use Android Studio 3.3 and the error keeps coming up no matter you check the Signature checkboxes or not, try to manually delete the app/build folder.
Source: https://stackoverflow.com/a/54213942/787511
It is a problem from Google and it is issued two days ago in this page
As per the attached screenshot, Select both V1(Jar Signature) and V2(Full APK Signature). It will work.