I recently uploaded my game on playstore made with unity but I forgot the password to the keystore when I tried to build an update.
After hours of googling I've learned the importance of the keystore file. After a few trial and error attempts I finally figured out the correct password.
However, what if in the future my keystore.debug file gets deleted accidentally? Will it be generated automatically again by unity or do I need to make a backup for this file on the cloud?
If I need to make a backup than do I need to backup only "user/.android/debug.keystore", or are there other files I need to backup as well?
Some exaplanation:
debug.keystore (located on user/.android/debug.keystore) as the name implies, it is only used for debugging. That means, it's only used when you're sitting on your computer with the phone connected via ADB and typing code.
When developers release an app. Another keystore is used, the "release" keystore. That is the one you selected when clicking "Generate signed APK" or set on your gradle file, that you had to create a password for it. That file can be located anywhere on your system, you created it, you should know where it is. That one is very important. That one is the one that will allow you to update the app on the Play Store.
Direct answers:
debug.keystore is disposable and you don't have to worry with it.
the keystore used when exporting the .apk file, that one is VERY VERY important and YES, make backup of it everywhere you can! On an external hard-drive on your house, on a USB-drive and at least 1 cloud backup (e.g. Google Drive). If you loose that file or the password, you won't be able to update your app again.
I hope it helps.
You have to differentiate between debug.keystore & release keystore
debug.keystore Android User Guide
When running or debugging your project from the IDE, Android Studio automatically signs your APK with a debug certificate generated by the Android SDK tools. The first time you run or debug your project in Android Studio, the IDE automatically creates the debug keystore and certificate in $HOME/.android/debug.keystore, and sets the keystore and key passwords.
No need to remember as its generated automatically
release.keystore
Needed to publish on google play console, But take care after you generate it and used to release signed version for push to production when you app become published you can only send updates using this key. it will be permanent for you app package name on Google play. You have to backup key and it's protection password too.
Related
When trying to install a signed application (app-release.apk), a "Blocked by Play Protect" alert is shown and the app is not installed. However, an unsigned application (app-debug.apk) can be installed without problems.
The error message:
Play Protect doesn't recognise this app's developer. Apps from unknown developers can sometimes be unsafe.
Why this error happened? What's the solution?
I found the solution:
Go to the link below and submit your application.
Play Protect Appeals Submission Form
After a few days, the problem will be fixed
Try to create a new key store and replace with old one, then rebuild a new signed APK.
Update: Note that if you're using a http connection with server ,you should use SSL.
Take a look at: https://developer.android.com/distribute/best-practices/develop/understand-play-policies
There are three options to get rid of this warning:
You need to disable Play Protect in Play Store -> Play Protect -> Settings Icon -> Scan Device for security threats
Publish app at Google Play Store
Submit an Appeal to the Play Protect.
Google play finds you as developer via your keystore.
and maybe your country IP is banned on Google when you generate your new keystore.
change your IP Address and generate new keystore, the problem will be fixed.
if you didn't succeed, use another Gmail in Android Studio and generate new keystore.
I am adding this answer for others who are still seeking a solution to this problem if you don't want to upload your app on playstore then temporarily there is a workaround for this problem.
Google is providing safety device verification api which you need to call only once in your application and after that your application will not be blocked by play protect:
Here are there the links:
https://developer.android.com/training/safetynet/attestation#verify-attestation-response
Link for sample code project:
https://github.com/googlesamples/android-play-safetynet
the only solution worked for me was using java keytool and generating a .keystore file the command line and then use that .keystore file to sign my app
you can find the java keytool at this directory C:\Program Files\Java\jre7\bin
open a command window and switch to that directory and enter a command like this
keytool -genkey -v -keystore my-release-key.keystore -alias alias_name -keyalg RSA -keysize 2048 -validity 10000
Keytool prompts you to provide passwords for the keystore, your name , company etc . note that at the last prompt you need to enter yes.
It then generates the keystore as a file called my-release-key.keystore in the directory you're in. The keystore and key are protected by the passwords you entered. The keystore contains a single key, valid for 10000 days. The alias is a name that you — will use later, to refer to this keystore when signing your application.
For more information about Keytool, see the documentation at: http://docs.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html
and for more information on signing Android apps go here: http://developer.android.com/tools/publishing/app-signing.html
If you are using some trackers like google analytics or amplitude and you are trying to release your app in another platforms other than Google Play, this errors appears for users. So there are two possible solutions:
Use special trackers in your app (firebase and appmetrica are tested and are ok)
Release your app in Google Play
it is due to expired of debug certificate
simply delete the debug.keystore located at
C:\Users\.android\
after that build your project the build tools will regenerate a new key and it will work fine.
here is a reference:
https://developer.android.com/studio/publish/app-signing
the solution lies in creating a new key when generating the signed apk.
this worked for me without a fuss.
click on Build
click generate signed Bundle/APK...
choose either Bundle / APK (in my case APK) and click Next
click on create new (make sure you have a keystore path on the machine)
after everything, click finish to generate your signed apk
when you install, the warning will not come.
I solved this problem by changing my application package name according to signature certificate details. At first I created application with com.foo.xyz
but my certificate organization was 'bar'. So I change my package name to com.bar.xyz and now there is no google play protect warning!
There is no very precise way to solve this problem, but the following tasks can be effective in solving the problem
Click Invalid Caches/Restart
Do the login process of Android Studio
Click generate signed Bundle / APK
Fill in all the "generate signed Bundle" information completely.
Do not use the same password. Make sure your passwords are different in
"generate signed Bundle"
different. Preferably enter the address of America with the code 01
It is probably sensitive to Persian, so it is better not to write in Persian in the program. Write the program menu in English and make it Persian in the next updates
Remove extra permissions
Finally, go to the site below and request a troubleshooting
https://support.google.com/googleplay/android-developer/answer/2992033?hl=en
Fill in the first and last name correctly
Upload the installation file, for example, in Dropbox, and copy the link
If you are using Dropbox, be sure to change the number zero at the end of the
link to one, then submit it or use link shortening sites.
If your request is not approved, shorten the link of the installation file, for
example, using the https://bit.ly site
In the description section, explain the problem. For your convenience, I will
leave a sample text for you :
Greetings to the esteemed Google Team
I am sending this request to fix the "Blocked by Pay Protect" error
****{Write your app info and your reasons}****
Fast, simple, free and lightweight, no annoying ads ,This app does not collect and store user data!
Also, no unnecessary cost is imposed on the user and is completely free , It
also certifies that this app does not harm user privacy and is not harmful to users
Thank you
If you did not receive the confirmation email, repeat the request again a few days later
If there were hardware changes, try to re-download or re-create jks file.
I also faced such problem, it occured after moving my SSD from one PC to another. This gave a hint that there were no need to send the app to Google for verification: an old apk file was installing with no warning. So I replaced an android.jks on my hard drive with the one from the cloud, created a signed apk and the problem has gone.
I kept getting this issue after installing my app on a real device for debug.
And the problem was that I had android:exported="true" attribute present on the main activity in manifest file. I removed it and Play Protect warning disappeared.
Update: The following method doesn't work anymore.
Not the solution, but you can use debug key for signing release builds to avoid blocking the installation from Google Play Protect. It looks like Play Protect doesn't warn for builds signed with automatically generated debug.keystore.
Note that your debug builds are not unsigned, they are just signed with a debug key.
Of course, you cannot use the build for production distribution (Google Play, Amazon, etc.), but it's still worth for pre-production internal testing which requires a high-frequency feedback loop.
You can add a task to build release with debug.keystore by adding the configuration in build.gradle, something like:
android {
buildTypes {
// add after the `release` definition
releaseDebugKey { initWith release }
}
signingConfigs {
// use debug.keystore for releaseDebugKey builds
releaseDebugKey { initWith debug }
}
}
then execute ./gradlew assembleReleaseDebugKey to build a release build with debug key.
This error usually happens if you try to install an app from .apk file. The first thing you can do is to disable Play Protect from the inside of Play Store app in your phone:
Open Google Play Store app --> Play Protect --> Click Settings Icon on the top --> Disable scanning apps for security
Note: It is recommended that you enable it back again after finishing installation for security purposes.
Now after this you should be able to install the app. If you still receive error saying something like Error, app was not installed when you click on the .apk file, it means you have installed version of that app already. Uninstall the app first then you can install the app from .apk file without problem.
When trying to install a signed application (app-release.apk), a "Blocked by Play Protect" alert is shown and the app is not installed. However, an unsigned application (app-debug.apk) can be installed without problems.
The error message:
Play Protect doesn't recognise this app's developer. Apps from unknown developers can sometimes be unsafe.
Why this error happened? What's the solution?
I found the solution:
Go to the link below and submit your application.
Play Protect Appeals Submission Form
After a few days, the problem will be fixed
Try to create a new key store and replace with old one, then rebuild a new signed APK.
Update: Note that if you're using a http connection with server ,you should use SSL.
Take a look at: https://developer.android.com/distribute/best-practices/develop/understand-play-policies
There are three options to get rid of this warning:
You need to disable Play Protect in Play Store -> Play Protect -> Settings Icon -> Scan Device for security threats
Publish app at Google Play Store
Submit an Appeal to the Play Protect.
Google play finds you as developer via your keystore.
and maybe your country IP is banned on Google when you generate your new keystore.
change your IP Address and generate new keystore, the problem will be fixed.
if you didn't succeed, use another Gmail in Android Studio and generate new keystore.
I am adding this answer for others who are still seeking a solution to this problem if you don't want to upload your app on playstore then temporarily there is a workaround for this problem.
Google is providing safety device verification api which you need to call only once in your application and after that your application will not be blocked by play protect:
Here are there the links:
https://developer.android.com/training/safetynet/attestation#verify-attestation-response
Link for sample code project:
https://github.com/googlesamples/android-play-safetynet
the only solution worked for me was using java keytool and generating a .keystore file the command line and then use that .keystore file to sign my app
you can find the java keytool at this directory C:\Program Files\Java\jre7\bin
open a command window and switch to that directory and enter a command like this
keytool -genkey -v -keystore my-release-key.keystore -alias alias_name -keyalg RSA -keysize 2048 -validity 10000
Keytool prompts you to provide passwords for the keystore, your name , company etc . note that at the last prompt you need to enter yes.
It then generates the keystore as a file called my-release-key.keystore in the directory you're in. The keystore and key are protected by the passwords you entered. The keystore contains a single key, valid for 10000 days. The alias is a name that you — will use later, to refer to this keystore when signing your application.
For more information about Keytool, see the documentation at: http://docs.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html
and for more information on signing Android apps go here: http://developer.android.com/tools/publishing/app-signing.html
If you are using some trackers like google analytics or amplitude and you are trying to release your app in another platforms other than Google Play, this errors appears for users. So there are two possible solutions:
Use special trackers in your app (firebase and appmetrica are tested and are ok)
Release your app in Google Play
it is due to expired of debug certificate
simply delete the debug.keystore located at
C:\Users\.android\
after that build your project the build tools will regenerate a new key and it will work fine.
here is a reference:
https://developer.android.com/studio/publish/app-signing
the solution lies in creating a new key when generating the signed apk.
this worked for me without a fuss.
click on Build
click generate signed Bundle/APK...
choose either Bundle / APK (in my case APK) and click Next
click on create new (make sure you have a keystore path on the machine)
after everything, click finish to generate your signed apk
when you install, the warning will not come.
I solved this problem by changing my application package name according to signature certificate details. At first I created application with com.foo.xyz
but my certificate organization was 'bar'. So I change my package name to com.bar.xyz and now there is no google play protect warning!
There is no very precise way to solve this problem, but the following tasks can be effective in solving the problem
Click Invalid Caches/Restart
Do the login process of Android Studio
Click generate signed Bundle / APK
Fill in all the "generate signed Bundle" information completely.
Do not use the same password. Make sure your passwords are different in
"generate signed Bundle"
different. Preferably enter the address of America with the code 01
It is probably sensitive to Persian, so it is better not to write in Persian in the program. Write the program menu in English and make it Persian in the next updates
Remove extra permissions
Finally, go to the site below and request a troubleshooting
https://support.google.com/googleplay/android-developer/answer/2992033?hl=en
Fill in the first and last name correctly
Upload the installation file, for example, in Dropbox, and copy the link
If you are using Dropbox, be sure to change the number zero at the end of the
link to one, then submit it or use link shortening sites.
If your request is not approved, shorten the link of the installation file, for
example, using the https://bit.ly site
In the description section, explain the problem. For your convenience, I will
leave a sample text for you :
Greetings to the esteemed Google Team
I am sending this request to fix the "Blocked by Pay Protect" error
****{Write your app info and your reasons}****
Fast, simple, free and lightweight, no annoying ads ,This app does not collect and store user data!
Also, no unnecessary cost is imposed on the user and is completely free , It
also certifies that this app does not harm user privacy and is not harmful to users
Thank you
If you did not receive the confirmation email, repeat the request again a few days later
If there were hardware changes, try to re-download or re-create jks file.
I also faced such problem, it occured after moving my SSD from one PC to another. This gave a hint that there were no need to send the app to Google for verification: an old apk file was installing with no warning. So I replaced an android.jks on my hard drive with the one from the cloud, created a signed apk and the problem has gone.
I kept getting this issue after installing my app on a real device for debug.
And the problem was that I had android:exported="true" attribute present on the main activity in manifest file. I removed it and Play Protect warning disappeared.
Update: The following method doesn't work anymore.
Not the solution, but you can use debug key for signing release builds to avoid blocking the installation from Google Play Protect. It looks like Play Protect doesn't warn for builds signed with automatically generated debug.keystore.
Note that your debug builds are not unsigned, they are just signed with a debug key.
Of course, you cannot use the build for production distribution (Google Play, Amazon, etc.), but it's still worth for pre-production internal testing which requires a high-frequency feedback loop.
You can add a task to build release with debug.keystore by adding the configuration in build.gradle, something like:
android {
buildTypes {
// add after the `release` definition
releaseDebugKey { initWith release }
}
signingConfigs {
// use debug.keystore for releaseDebugKey builds
releaseDebugKey { initWith debug }
}
}
then execute ./gradlew assembleReleaseDebugKey to build a release build with debug key.
This error usually happens if you try to install an app from .apk file. The first thing you can do is to disable Play Protect from the inside of Play Store app in your phone:
Open Google Play Store app --> Play Protect --> Click Settings Icon on the top --> Disable scanning apps for security
Note: It is recommended that you enable it back again after finishing installation for security purposes.
Now after this you should be able to install the app. If you still receive error saying something like Error, app was not installed when you click on the .apk file, it means you have installed version of that app already. Uninstall the app first then you can install the app from .apk file without problem.
I created an app on my Windows PC and from that PC I published the app to the Google Play Store. I have migrated(transferred via external hard drive) all my projects from my PC to my Mac.
I am now wondering will compiling that same app on the Mac cause it to create a new certificate?
The reason I would like to know is because I want to publish an update and would prefer to work on the project on the Mac but I don't want a problem to occur, that when I decide to publish the app from the Mac the Play Store will see a different certificate and the app will be published as if it were a totally brand new APK.
No, it is not computer-dependent.
Make sure you copy the Keystore you've been using to sign it from your old computer to the new one and everything will be exactly the same.
The Keystore is (just) the file in which all your keys are saved (and usually has a .jks extension).
The main documentation states:
A keystore is a binary file that contains a set of private keys. You
must keep your keystore in a safe and secure place.
A private key represents the entity to be identified with the app,
such as a person or a company.
So as long as you are identified with the same private key (located in your keystore), you will be fine.
Every installation of Android Studio has it's own debug signing key which is used to install apps on your device. However, when you sign an app for distribution on Google Play, you're supposed to use a separate keystore that you've generated and password protected. The overview of this process is here: http://developer.android.com/tools/publishing/app-signing.html
The good news is, you can then move that release keystore to any computer you want and use it to sign release builds for the Play Store.
If you copy the signing certificate you used on the first machine to the second machine, there will be no problem. The build and sign process should be platform agnostic (unless your build code makes assumptions about the host platform).
By default it will use a different debug certificate on every machine. You should explicitly create and use a non-debug key for publication. You may not want to check the signing key into source control, so you'll have to copy it to other computers manually.
Two engineers are working on an android project. To publish the apk (not on Playstore, but private publication), they each run their project and then get the resulting apk and then publish. As it turns out a user cannot simply update between the apks produced from the two different computers. If a user's current apk was published by developer Zack; to update to the latest version, which happen to come from developer Max, the user must in fact delete and reinstall. How do I resolve this problem? I was hoping to find whatever key is used on one of the computers and pass it to the other developer. But I can't find where the keys are stored.
Naturally, I would use Android Tools > Export Signed Application Package to publish. But the present situation is as above. How do I fix that problem without having user's continuously deleting or -- on the other hand -- restrict publication to one machine?
In my case I put the Release Keystore file in the source control. Each developer pull the latest version (wish should not change) from the source control. You can set it up as readonly to secure the key if you like.
If you are using Eclipse when Signing the app, you have to specify the path to the keystore. So there you can get your own keystore path.
On the other hand. If you want to share the Debug Key, in order to play the application from both computers then the key is on your .android directory.
If on windows then is
c:\Users[username].android\
debug.keystore
debug.keyset
If on linux/other is similar
~/.android
I am working on a existing android project for my client. I have made some modification in his application. I am working on eclipse.
After sending the apk he installed it on his mobile but he has a complain that:
Current application failed install, even after it told me it was going to
overwrite my old application information. Please remember to change keystore.
Let me know how can I change the keystore using eclipse so that it will not fail to install on his mobile. Please explain.
Thanks,
Pravin
Every .apk file should be signed with a key(by installing the SDK, you get a debug key). A key is unique and the system will check the key of an apk file if such a package has been installed in the device, to see if the key is the same as the existed one. If the key doesn't match, the .apk file can't be installed, unless you uninstalled the original one.
Now, I think you may have several choices:
sign the apk with your own key and ask you client to uninstall the old one.
sign the apk with your own key and change the package name.
get your client's key and sign the apk with it.
For security reason, your client may not give his key to you. I think the best choice is to compile your project in release mode, and then ask your client to sign it with his private key. See here.
The default Keysotre used by Eclipse is in your Home-Directory in /.android/debug.keystore.
If you want to update an App both, the new and the old Apk have to be signed with the same key.
So you need to figure out which keystore your client used in the first place.
Please note that the debug.keystore is unique on every machine.