Update android app with apk package from external source - android

We are developing an Android app and I made an apk available through a web site for our pilot users. The users have Install from unknown sources setting enabled. The app installed and worked fine.
Now I uploaded a newer version of the app. We have changed the version number on the apk package and the new version requires more permissions from the phone, like Prevent phone from sleeping when the first version only needed Full network access.
When I download and open the new version it says "Do you want to install an update to this existing application... Then updated application will get access to:" and then lists the added permissions under a New tab and all permissions under All.
So the installation identifies that this is an update and what has changed in terms of additional permissions.
When I go forward with the installation the installation stops with the message "An existing package by the same name with a conflicting signature is already installed".
What do I have to do/change to be able to upgrade the existing app?

All Android APKs are signed with a key. Even debug builds. For debug builds your IDE will automatically generate a key for you. You cannot update a package that was signed with one key for a package signed by another key. They must use the same key. If you're handing out debug builds not made on the same machine, it's likely two keys were used.
The only way to fix this now is to have them uninstall and reinstall. Then make some internal policies about what key to use. To prevent that at my work we all use the same debug key (we have a separate release key so we don't accidentally upload a debug build).

The old application had a signing signature A, but the new application got a signing signature B.
Typically, perhaps you create your applications by using the debug keystore. If it is the case, it's not a good thing to do. But as it is an "unknown source", it's not very important.
Secondly, you probably create the new version on another computer than the old, that means a different debug keystore is used.
A keystore is used to check if the producer has not changed between two updates of an application. This is a secure protection.
In your specific case, I suggest you get the debug keystore that was used for the old version, and use the same when you compile the new version.
The debug keystore is in .android directory in the User directory of your computer (perhaps a hidden folder).
Beware that a specific debug keystore is only usable for 365 days, starting when the keystore is created.
If you want to avoid this problem, please use a release signing key.
https://developer.android.com/studio/publish/app-signing.html
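
The check both answers above point to, comparing the signing certificate of the old and the new APK before handing out an update, as an added example that is not part of the original posts. It assumes the `Signer #1 certificate ...` lines printed by `apksigner verify --print-certs` (Android SDK build-tools); the function names are hypothetical and the sample outputs are constructed.

```shell
#!/bin/sh
# Pre-release check: will the new APK install as an update over the old one?
# The helpers parse the text printed by `apksigner verify --print-certs`.

# Print the SHA-256 signer-certificate digests found on stdin, sorted.
cert_digests() {
    sed -n 's/^Signer.* certificate SHA-256 digest: *\([0-9A-Fa-f]*\).*$/\1/p' |
        tr 'A-F' 'a-f' | sort -u
}

# Succeeds if stdin shows the SDK's auto-generated debug certificate.
is_debug_cert() {
    grep -q '^Signer.* certificate DN: .*CN=Android Debug'
}

# same_signer OLD_OUTPUT NEW_OUTPUT: succeeds only if both outputs list
# the same, non-empty set of certificate digests.
same_signer() {
    _old=$(printf '%s\n' "$1" | cert_digests)
    _new=$(printf '%s\n' "$2" | cert_digests)
    [ -n "$_old" ] && [ "$_old" = "$_new" ]
}

# check_update OLD_APK NEW_APK: needs apksigner (SDK build-tools) on PATH.
check_update() {
    _o=$(apksigner verify --print-certs "$1") || return 2
    _n=$(apksigner verify --print-certs "$2") || return 2
    if printf '%s\n' "$_n" | is_debug_cert; then
        echo "warning: $2 is signed with a debug certificate" >&2
    fi
    if same_signer "$_o" "$_n"; then
        echo "OK: both APKs carry the same signing certificate"
    else
        echo "MISMATCH: devices with $1 installed will reject $2" >&2
        return 1
    fi
}

# Constructed sample outputs (made-up digests) for trying the helpers offline.
SAMPLE_OLD='Signer #1 certificate DN: CN=Android Debug, O=Android, C=US
Signer #1 certificate SHA-256 digest: 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef'
SAMPLE_NEW='Signer #1 certificate DN: CN=Example Release, O=Example, C=US
Signer #1 certificate SHA-256 digest: fedcba9876543210fedcba9876543210fedcba9876543210fedcba9876543210'

# Usage: sh check-signer.sh old.apk new.apk
if [ "$#" -eq 2 ]; then check_update "$1" "$2"; fi
```

Run it with the APK your users already have and the one you are about to publish; a non-zero exit means the update would be refused with the conflicting-signature message.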

Related

Backup keystore.debug file

I recently uploaded my game on playstore made with unity but I forgot the password to the keystore when I tried to build an update.
After hours of googling I've learned the importance of the keystore file. After a few trial and error attempts I finally figured out the correct password.
However, what if in the future my keystore.debug file gets deleted accidentally? Will it be generated automatically again by unity or do I need to make a backup for this file on the cloud?
If I need to make a backup then do I need to backup only "user/.android/debug.keystore", or are there other files I need to backup as well?
Some explanation:
debug.keystore (located on user/.android/debug.keystore) as the name implies, it is only used for debugging. That means, it's only used when you're sitting on your computer with the phone connected via ADB and typing code.
When developers release an app. Another keystore is used, the "release" keystore. That is the one you selected when clicking "Generate signed APK" or set on your gradle file, that you had to create a password for it. That file can be located anywhere on your system, you created it, you should know where it is. That one is very important. That one is the one that will allow you to update the app on the Play Store.
Direct answers:
debug.keystore is disposable and you don't have to worry with it.
the keystore used when exporting the .apk file, that one is VERY VERY important and YES, make backup of it everywhere you can! On an external hard-drive in your house, on a USB-drive and at least 1 cloud backup (e.g. Google Drive). If you lose that file or the password, you won't be able to update your app again.
I hope it helps.
You have to differentiate between debug.keystore & release keystore
debug.keystore Android User Guide
When running or debugging your project from the IDE, Android Studio automatically signs your APK with a debug certificate generated by the Android SDK tools. The first time you run or debug your project in Android Studio, the IDE automatically creates the debug keystore and certificate in $HOME/.android/debug.keystore, and sets the keystore and key passwords.
No need to remember as it's generated automatically
release.keystore
Needed to publish on Google Play Console. But take care: after you generate it and use it to release a signed version to production, once your app is published you can only send updates using this key. It will be permanent for your app package name on Google Play. You have to back up the key and its protection password too.

Does Compiling My Android App On A Different Computer Create A New Signing Certificate?

I created an app on my Windows PC and from that PC I published the app to the Google Play Store. I have migrated (transferred via external hard drive) all my projects from my PC to my Mac.
I am now wondering will compiling that same app on the Mac cause it to create a new certificate?
The reason I would like to know is because I want to publish an update and would prefer to work on the project on the Mac but I don't want a problem to occur, that when I decide to publish the app from the Mac the Play Store will see a different certificate and the app will be published as if it were a totally brand new APK.
No, it is not computer-dependent.
Make sure you copy the Keystore you've been using to sign it from your old computer to the new one and everything will be exactly the same.
The Keystore is (just) the file in which all your keys are saved (and usually has a .jks extension).
The main documentation states:
A keystore is a binary file that contains a set of private keys. You
must keep your keystore in a safe and secure place.
A private key represents the entity to be identified with the app,
such as a person or a company.
So as long as you are identified with the same private key (located in your keystore), you will be fine.
Every installation of Android Studio has its own debug signing key which is used to install apps on your device. However, when you sign an app for distribution on Google Play, you're supposed to use a separate keystore that you've generated and password protected. The overview of this process is here: http://developer.android.com/tools/publishing/app-signing.html
The good news is, you can then move that release keystore to any computer you want and use it to sign release builds for the Play Store.
If you copy the signing certificate you used on the first machine to the second machine, there will be no problem. The build and sign process should be platform agnostic (unless your build code makes assumptions about the host platform).
By default it will use a different debug certificate on every machine. You should explicitly create and use a non-debug key for publication. You may not want to check the signing key into source control, so you'll have to copy it to other computers manually.

APP not installed an existing package by the same name with a conflicting signature is already installed

I'm new to Android development. I have developed one application and distributed a copy from the bin folder, not in the Play Store. The user tried to install the app a second time with a different version and it gives "APP not installed an existing package by the same name with a conflicting signature is already installed", but with the same version this does not happen.
I want to install the app without uninstalling the previous one (the user doesn't want to uninstall) and without using the Play Store. One more doubt: when is this signature generated?
Thanks in Advance.
See what happens: most probably you'd compiled a DEBUG version of the app and distributed it your own way. At that time your IDE used a debug certificate which is auto created every time you install the IDE/SDK. Now, some time has passed and you'd switched your working PC/notebook OR you'd reinstalled the IDE/SDK OR you'd switched let's say from Eclipse to AndroidStudio OR changed your OS from Win7 to Win8 or Ubuntu, no matter what you did but as a result a brand NEW debug certificate was generated and is used now. And most probably you'd lost your previous debug certificate 4ever (depends how this happens).
The certificate itself stands for a unique fingerprint and each debug or release certificate has its own unique fingerprint. That fingerprint is the signature Android is talking about. Every apk is signed using a certificate and has its signature, it's mandatory.
So, since you are using a different debug key store certificate you are NOT ABLE to do what you want. The right scenario is to create a release certificate (key store) and to sign your app with it and then distribute the app any way you want. This way you should also save your release certificate and reuse it later to sign any upcoming updates.
As for now you should restore the certificate you'd signed your apk with, or the only way your users have now is to uninstall and then install.
Harsha Vardhan is right, You should first clean project and then use same signature with installed apk.
Whatever you said is correct, but the problem here is that I have changed the SDK, and because of this the problem occurred. I think the solution is to generate the apk file from the same SDK.
I am not sure why that just happened.
But that's happened to me one time also.
I've changed my package name from com.aashakil.myapp to com.myapp and it was fixed.
If you change yours it may work.

Where is apk key stored on computer?

Two engineers are working on an android project. To publish the apk (not on Playstore, but private publication), they each run their project and then get the resulting apk and then publish. As it turns out a user cannot simply update between the apks produced from the two different computers. If a user's current apk was published by developer Zack; to update to the latest version, which happen to come from developer Max, the user must in fact delete and reinstall. How do I resolve this problem? I was hoping to find whatever key is used on one of the computers and pass it to the other developer. But I can't find where the keys are stored.
Naturally, I would use Android Tools > Export Signed Application Package to publish. But the present situation is as above. How do I fix that problem without having user's continuously deleting or -- on the other hand -- restrict publication to one machine?
In my case I put the Release Keystore file in the source control. Each developer pulls the latest version (which should not change) from the source control. You can set it up as readonly to secure the key if you like.
If you are using Eclipse when Signing the app, you have to specify the path to the keystore. So there you can get your own keystore path.
On the other hand. If you want to share the Debug Key, in order to play the application from both computers then the key is on your .android directory.
If on Windows then it is
c:\Users\[username]\.android\
debug.keystore
debug.keyset
On Linux/other it is similar
~/.android

How to change keystore of a application in android

I am working on an existing Android project for my client. I have made some modifications in his application. I am working on Eclipse.
After sending the apk he installed it on his mobile but he has a complaint that:
Current application failed install, even after it told me it was going to
overwrite my old application information. Please remember to change keystore.
Let me know how can I change the keystore using eclipse so that it will not fail to install on his mobile. Please explain.
Thanks,
Pravin
Every .apk file should be signed with a key (by installing the SDK, you get a debug key). A key is unique and the system will check the key of an apk file if such a package has been installed in the device, to see if the key is the same as the existing one. If the key doesn't match, the .apk file can't be installed, unless you uninstalled the original one.
Now, I think you may have several choices:
sign the apk with your own key and ask your client to uninstall the old one.
sign the apk with your own key and change the package name.
get your client's key and sign the apk with it.
For security reason, your client may not give his key to you. I think the best choice is to compile your project in release mode, and then ask your client to sign it with his private key. See here.
The default Keystore used by Eclipse is in your Home-Directory in /.android/debug.keystore.
If you want to update an app, both the new and the old APK have to be signed with the same key.
So you need to figure out which keystore your client used in the first place.
Please note that the debug.keystore is unique on every machine.
