I have developed an app which works quite well as per the needs. But the Play Store has the following restrictions for updating an app:
Same package name
Same SHA fingerprint
Also, if one loses a keystore or its password, then the entire project is in trouble for future updates.
What if the machine's hard disk fails and the data is not recoverable? Even creating a new app from git will not help in updating the app in future, as the SHA fingerprint will be different for the new app.
Is there any way to avoid such problems, or is there any way to create a new Android app with the same package name, SHA fingerprint and digital signature?
These questions have been troubling me for quite some time. I have seen answers that say it is impossible to update an app if one loses the keystore, so back it up in more than one place. But backing up the Android app will not help even if the package name is the same; the SHA fingerprint will change once we create a new app from the old source code, or is there any way to avoid this as well?
To solve this problem you can back up your keystore and password. Then even if you lose it, from the backup you will be able to sign the app with the same key.
Related
I sold one of my Android apps to an outside company. I provided all the code (Android Studio). Before zipping it all up for delivery, I made sure it compiled and all that. I then went through the process of changing the Play Store entry to move the ownership to the other company.
Everything seems to be in order. Except that when the new owner is trying to publish the app, they are told that the certificate doesn't match the fingerprint of the original private key.
I was under the impression that they could simply compile their own version with their own private key, but Google is not allowing that. Such to the extent that they are saying that there is nothing they can do about it. They must use the original key.
Fine... I found the original key file and sent that to them. In fact, I found like 5 different versions of it, just in case any were corrupted.
They are still not able to publish the app.
Does anyone have any experience with this? Is there a way around this?
BTW, and for the record... The last suggestion I made to them, is to NOT change ANYTHING in that keystore. Because doing so would make it different. I'm thinking that they changed all the company information in the key and that's why it isn't working.
I think I read somewhere that when you publish an application on the Google store, there is a pair between the keystore you used and the application ID.
Did you change both applicationID and keystore used?
If you change only the keystore, the previous users who already have your application won't receive any new update, they'll have to remove the old application and download the new one.
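Added example, not part of the posts above: because updates are matched on the signing certificate's fingerprint, a backed-up or handed-over keystore can be checked against the published APK before anyone tries to upload. The script compares the SHA-256 fingerprint in `keytool -list -v` output with the one in `apksigner verify --print-certs` output; the function names are hypothetical, and the sample tool output and fingerprints are constructed.

```bash
#!/usr/bin/env bash
# Added example: does a candidate keystore hold the certificate an APK was signed with?
# All sample output below is constructed; the fingerprints are made-up values.
# Real use (not run here):
#   keytool -list -v -keystore candidate.jks   | fp_from_keytool
#   apksigner verify --print-certs release.apk | fp_from_apksigner

# Normalise a fingerprint: strip colons and whitespace, lower-case the hex digits.
normalize_fp() { tr -d ': \t\r\n' | tr 'A-F' 'a-f'; }

# SHA-256 fingerprint of the first entry in `keytool -list -v` output (stdin).
fp_from_keytool() {
  sed -n 's/^[[:space:]]*SHA256:[[:space:]]*//p' | head -n 1 | normalize_fp
}

# SHA-256 digest of signer #1 in `apksigner verify --print-certs` output (stdin).
fp_from_apksigner() {
  sed -n 's/^Signer #1 certificate SHA-256 digest:[[:space:]]*//p' | head -n 1 | normalize_fp
}

# same_key KEYTOOL_TEXT APKSIGNER_TEXT: succeeds only when both fingerprints match.
same_key() {
  ks_fp=$(printf '%s\n' "$1" | fp_from_keytool)
  apk_fp=$(printf '%s\n' "$2" | fp_from_apksigner)
  [ -n "$ks_fp" ] && [ "$ks_fp" = "$apk_fp" ]
}

# Constructed sample: what the published APK reports.
APK_OUT='Signer #1 certificate DN: CN=Example Dev
Signer #1 certificate SHA-256 digest: 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff'

# Constructed sample: a byte-for-byte backup of the original keystore.
KS_BACKUP='Alias name: release
Certificate fingerprints:
     SHA256: 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF
Signature algorithm name: SHA256withRSA'

# Constructed sample: a keystore re-created with the same alias but a new key pair.
KS_REGENERATED='Alias name: release
Certificate fingerprints:
     SHA256: FF:EE:DD:CC:BB:AA:99:88:77:66:55:44:33:22:11:00:FF:EE:DD:CC:BB:AA:99:88:77:66:55:44:33:22:11:00
Signature algorithm name: SHA256withRSA'

report() {
  if same_key "$2" "$APK_OUT"; then echo "$1: same key as the APK"; else echo "$1: different key"; fi
}
report KS_BACKUP "$KS_BACKUP"
report KS_REGENERATED "$KS_REGENERATED"
```

The fingerprint is a hash of the signing certificate, so it depends only on which key is in the keystore; the alias, file name and source tree do not enter into it.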
We are using Android Studio and we are developing an app using the default keystore. The application is already being used while in development so all clients already have data in their devices.
We now would like to use an actual keystore. However, creating a new one would mean the clients cannot update the application - they would have to reinstall the application which means that they would lose existing data. Is there a way to go around this? Or can we import the existing keystore for release?
It is stored in ~/.android/debug.keystore.
On Windows, this will be something like C:\Users\Username\.android\debug.keystore
However, I would advise not to do this, as the debug keys have an early expiration (at least they did with Eclipse, I haven't been able to find anything about Android Studio). Once this date is reached, there will be no option but to create a new key. It's definitely messy, but it'll be easier to clean up now rather than in a year's time when you'll have even more users.
You should use the existing keystore itself. While generating the signed APK, you can provide the path to that keystore, the keystore password, the key alias and the key password. This is the only way with which you can generate an updated version of the existing APK.
I'm developing an open-source app for Android using Phonegap. The development reached the stage at which it's usable enough to release it to the public (something like a beta version). I just want to put my current APK on GitHub. Is there any reason why I would not want to upload the APK signed with the debug key, and sign it with a release key instead (and go through the hassle of making one etc.)?
A debug key isn't any different from a normal key. So there's no reason it would harm anything. If you ever want to upgrade it, the upgrades will need to be signed with the same key or the user will have to uninstall first. And if you ever upload to Google Play, the same key has to be used for all uploads there. So make sure whatever key you release under is saved somewhere.
The only possible problem I see is that debug keys may have a short expiration date and need to be recreated (ADT used to expire them in 1 year). So if you plan on maintaining it you may want to create a key with a longer expiration.
You should create a key, as there may be people who will be helping you in your current project and they will also be signing the app, but with a different key, and if they later upload an APK to GitHub, the users will get a different-signature warning, which will result in having to reinstall the app and thus losing any persisted data.
As long as you don't want anyone helping you out, it's fine the way it is.
You can use the one Android created for you if you are too lazy to create a new one. It is stored in C:\Users\<your_user_name>\.android assuming that you are using Windows as your OS.
No problem, you can just upload the release APK while making a new repo release on GitHub. I also do it, that way people who visit my repo can try the app then and there and it will be really helpful than uploading or hosting the APK somewhere else.
Also to make it easier to update the apk in future repo releases, I made a library which detects new repo release and downloads the latest apk. You can check out my library here. Hope this will be useful to you as well.
I've just finished making some updates for a company's Android app, only to realize that they no longer have the private key that was used to sign the original release that went to the Android Market. If I understand correctly, this means that these changes can't be released as an update to the original app. I think the best option is to pull the original app from the market (it doesn't have many downloads or reviews) and re-release the app signed with a new key. However, I'm worried that Android Market might not allow an app to be released which is practically identical to an app that has already been released (e.g. same name, same icon, mostly the same functionality, etc.).
Has anyone been in this situation before? Did google allow you to re-release as a separate app to the Android Market?
You are correct in that you will have to release this as a new application with a different package name. You will have to pull the other app from the Market as it will no longer be updateable and your users will have to redownload the new version of the app.
I don't see any reason why Google would have any issues with this, it's a known issue that some developers/companies can come across when they lose their signing key. Also, as far as I know, Google doesn't closely monitor incoming apps unless they are being flagged.
I've seen some apps that have 10 versions of the same app in the Market, just so that they can have more visibility, which is something that I think Google needs to look out for.
If you just forgot the password:
https://code.google.com/archive/p/android-keystore-password-recover/
If you replaced the existing key file:
1. Rename your package name.
2. Generate a new signed APK, but this time keep a copy of the key and never lose it if you want to update your existing app.
I had a similar thing happen, and we had to change the package name even after pulling the original application from the market. I assume this is to protect users from 'accidentally' downloading a malicious update to an application they already have.
As of about August of this year (2011), the Android Market has had the capability of uploading multiple APKs for the same package name. You should be able to remove the original APK and substitute a new one with the same package name now using that mechanism.
I haven't tried it yet, but we were able to upload multiple copies of our different applications that targeted specific platforms and it worked like a charm.
Welp, smooth move on my part. I can't update any applications in the Market now because I accidentally deleted my android keystore. Does anyone know how I could get it back? I've tried running a recovery program, but for whatever reason it's not showing up.
If you've lost your private key, it's gone forever (unless you have backups).
Maybe worth trying if you can take your existing APKs, sign them with an additional new key and upload them. Then for subsequent releases, you could use the new key.
Whether this really does work in practice, I'm not so confident, but could be worth a try:
How to sign an APK with more than one certificate?
You are probably out of luck.
But if it were me, and I knew any bits of the key file at all (such as a header or key name or whatever), I'd immediately unmount that partition and grep the device file for those bits (if you are on Windows, boot with a live Linux CD).
It probably won't work, but at worst you lose an hour or two of CPU time on a wild goose chase.
Google now allows you to upload a new key to an existing app by requesting them to reset it through email/live chat in Google Support.
This process takes 1-2 business days.
I followed this process and uploaded an update to the same app with a new key.
Google Play Store technical team helped me to reset the previous key.