We are using Android Studio and we are developing an app using the default keystore. The application is already being used while in development so all clients already have data in their devices.
We now would like to use an actual keystore. However, creating a new one would mean the clients cannot update the application - they would have to reinstall the application which means that they would lose existing data. Is there a way to go around this? Or can we import the existing keystore for release?
It is stored in ~/.android/debug.keystore.
On Windows, this will be something like C:\Users\Username\.android\debug.keystore
However, I would advise not to do this, as the debug keys have an early expiration (at least they did with Eclipse, I haven't been able to find anything about Android Studio). Once this date is reached, there will be no option but to create a new key. It's definitely messy, but it'll be easier to clean up now rather than in a year's time when you'll have even more users.
You should use the existing keystore itself. While generating the signed APK, you can provide the path to that keystore, keystore password, key alias and key password. This is the only way with which you can generate an updated version of the existing APK.
I lost my android apk certificate. I formatted my mac mini and upgraded to a new MacBook Pro. Now I don't have access to the old mac. So there is no chance of retrieving the old keystore. And I am not enrolled in Google Play App Signing yet. If I enroll now, will I be able to update my app?
This is the error I get when I try to update my app on the Play Store:
You uploaded an APK that is signed with a different certificate to
your previous APKs. You must use the same certificate.
I know this is a duplicate question but I am asking it again because all the other questions are 3,4 years old. And I read somewhere that it is possible after May 2017 but I don't know how.
This is the comment I saw on quora (The link to the blog is broken):
https://www.quora.com/How-do-I-make-a-new-Certificate-Keystore-key-after-losing-the-key-of-my-Android-app
No need to Remove Your app from play Store You can Update Your app.
it’s Possible now, After May 2017 you can Update your app if you lost
your keystore or keystore password. Don’t lose Hope you can update
your app using new Keystore file please refer this blog http://geekcodehub.com/blog/
Code Hub here i wrote how to update apk if you lost your keystore
follow the step and create new keystore , I updated my app using this
step. you need to enable google play app signing on play store console
Is there any chance to update my current app? Without creating new app on playstore.
AFAIK it's not possible.
If you lose your keystore or think it may be compromised, Google Play
App Signing makes it possible to request a reset to your upload key.
If you're not enrolled in Google Play App Signing and lose your
keystore, you'll need to publish a new app with a new package name.
Source
Finally, I managed to retrieve the key. Here is how:
1- Download Disk Drill (Trial Version)
2- Download Hex Editor
Disk Drill shows all the files but you cannot recover without upgrading to the Pro version. But don't worry, there is a workaround :)
Select the partition you want to recover. It will start getting a list of files which can be recovered. In the search bar write ".jks"
From the list select the .jks file which is around 2 kb. Ignore the other files. All jks file names will be like file000001.jks, file000002.jks...
In trial version you cannot recover it directly but you can view it. So, open the file you selected. Copy the Hex Code from it.
Open Hex editor, Paste the code in a new file. Save it with extension .jks
Run IDE (Visual Studio or any), Import the jks file and you are good to go.
In visual studio you can import .jks after archiving the android project. Select Ad Hoc and at the bottom there is an option to import an existing key.
I erased my drive completely from disk utilities and installed a new OS. But still I was able to recover the key. Never lose hope :)
I have developed an app which works quite well as per the needs. But Play store has following restrictions for updating an app,
Same package name
Same SHA fingerprint
Also, if one loses a keystore or its password, then the entire project is in trouble for future updates.
What if the machine's hard disk fails and the data is not recoverable? Even creating a new app from git will not help in updating the app in future, as the SHA fingerprint will be different for the new app.
Is there any way to avoid such problems or is there any way to create new android app with same package name, SHA finger print and digital signature?
These questions have been troubling me for quite some time. I have seen answers that say, it is impossible to update app if one loses key-store so backup it at more than one place. But backing up android app will not help even if package name is same, SHA fingerprint will change once we create new app from old source code or is there any way to avoid this as well?
To solve this problem you can back up your keystore and password. Then, even if you lose it, you will be able to sign the app with the same key from the backup.
Recently my computer crashed and I was only able to recover the keystore and apk of one of my Android apps (already published). Would it be possible to make an update to this app by creating a new project (the original one was lost) and using the original keystore? If so, how? Otherwise, how would I be able to update the app without the original project?
1. Create new project with same package name
2. Write your code from scratch
3. Update correct version code
4. Generate Release APK with your key store and remember to write its password when asked.
5. You are good to update on play store.
As long as the application Id and the certificate used to sign the release APK match the already released binary, you can publish whatever you want.
BTW: A keystore is a container for your keys. So if you just recovered the keystore, it does not automatically mean you recovered your keys (as you might have forgotten the key password).
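The condition in the answer above (the certificate in the recovered keystore must be the one on the APK already published) can be checked before uploading. This is an added example, not part of the original posts: it extracts the SHA-256 certificate fingerprint from `keytool -list -v` output and from `apksigner verify --print-certs` output and compares them. The sample outputs and fingerprints are constructed, and the file names and alias in the closing comment are placeholders.

```shell
#!/bin/sh
# Added example. Sample tool output and fingerprints below are constructed.

# Reduce a fingerprint to lowercase hex with no separators.
normalize_fp() {
    printf '%s' "$1" | tr -d ': \r\n' | tr 'A-F' 'a-f'
}

# stdin: output of `keytool -list -v`; prints the first SHA256 fingerprint.
fp_from_keytool() {
    normalize_fp "$(sed -n 's/^[[:space:]]*SHA256:[[:space:]]*//p' | head -n 1)"
}

# stdin: output of `apksigner verify --print-certs`; prints signer #1's digest.
fp_from_apksigner() {
    normalize_fp "$(sed -n 's/^Signer #1 certificate SHA-256 digest:[[:space:]]*//p' | head -n 1)"
}

# True only when both fingerprints were found and are identical, so a wrong
# alias or unparsed output never counts as a match.
same_signer() {
    [ -n "$1" ] && [ -n "$2" ] && [ "$1" = "$2" ]
}

SAMPLE_KEYTOOL='Alias name: release
Certificate fingerprints:
     SHA1: 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33
     SHA256: AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23:45:67:89'

SAMPLE_APK_RELEASE='Signer #1 certificate DN: CN=Example Release
Signer #1 certificate SHA-256 digest: abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789'

SAMPLE_APK_DEBUG='Signer #1 certificate DN: CN=Android Debug, O=Android, C=US
Signer #1 certificate SHA-256 digest: 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff'

# Prints "match" or "mismatch" for keytool output $1 against apksigner output $2.
compare_outputs() {
    ks=$(printf '%s\n' "$1" | fp_from_keytool)
    apk=$(printf '%s\n' "$2" | fp_from_apksigner)
    if same_signer "$ks" "$apk"; then echo match; else echo mismatch; fi
}

compare_outputs "$SAMPLE_KEYTOOL" "$SAMPLE_APK_RELEASE"
compare_outputs "$SAMPLE_KEYTOOL" "$SAMPLE_APK_DEBUG"

# Real use (file names and alias are placeholders):
#   keytool -list -v -keystore release.jks -alias release | fp_from_keytool
#   apksigner verify --print-certs app-release.apk | fp_from_apksigner
```

Running the same comparison against each stored copy of the keystore confirms that a backup actually holds the key the published APK was signed with.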
I've been using my application for a while and produced a lot of data in it. Now it came time to upgrade it but the problem is that I've bought a new laptop and I can't upgrade the application due to different signature another IDE is using. It is impossible now to save the data, right?
Update: I didn't use any .keystore intentionally, I was just installing from Eclipse.
It doesn't matter as long as you use the same .keystore when you sign the application.
You need to use the keystore and the same options.
So you are saying that you have uploaded your application without any signing certificate, basically copying the .apk from the /bin folder? As far as I know this is not possible.
If you indeed upload it with your .debug certificate, then I am afraid you will not be able to update your app, since as you have noticed, every installation of Android ADT creates a different .debug certificate on each machine.
I recently realized that I have lost the password to my keystore (or perhaps the keystore got corrupted somehow)
It keeps giving me the error: Keystore tampered or password incorrect
I created a (quite unoptimized) algorithm to brute-force the password by letting it run all night. However, I am not sure how many unsuccessful password attempts will lock the keystore down.
Does anyone know anything like this?
UPDATE
The algorithm I devised works okay (I am using Java), but I realized that normally, the Keystore tool asks for the password only when I press Enter. But to get the brute force to work, I would want it to have a switch and accept the password on the same line. Is it possible?
Sharing my experience after trying everything available.
1- Smart word list attack from android-keystore-password-recover is what eventually worked for me after spending a day trying different lists. Unfortunately, it does not support multithreading and I couldn't get it to run faster than 30,000 trials/second. I might contribute multithreading support to the project soon.
2- KeystoreBrute was the best for brute-force attack at 320,000 trials/second. However, if you do the numbers, it will take 3.5 days for 6 characters long password and 177 days for 7 characters long.
3- If you only need to crack the keystore password, but not the certificate password (also referred to as the alias password), this tool will just change it for you.
Good luck!
No amount of password attempts will corrupt the key.
I was having this same issue. I solved the problem by creating my own keystore brute force application.
Here is a link to the GitHub repository for this code.
https://github.com/volure/keystoreBrute
Anyone on the planet may use this or add to it.
It works on the basis of password segments.
My password was like
foo#543Pass
so I added all the possible segments
foo
Foo
FOO
and so on.
Then ran through the items like an odometer.
It's crude code but hard coded to work on up to 5 segments.
My attempt was successful.
Hope yours is too.
No, brute-forcing will not corrupt the keystore. However, one thing to note: if you are trying to manually guess the password using the Android Studio or Eclipse wizards, and a wrong password is provided, even just once, it keeps saying on subsequent attempts "Keystore tampered with or password incorrect", even if you provide the correct password. To get around this, just close and re-open the wizard.
P.S. If the intent behind asking this question is that you have forgotten your keystore password, then you can try the steps mentioned in the Android keystore password recovery guide.
No need to use any keystore-password-recover method; it takes so many days to recover and sometimes it doesn't work, so you should replace your keystore with a new keystore. No need to remove your app from the Play Store; without removing the APK you can update your APK using a new keystore file. It’s possible now: after May 2017 you can update your app if you lost your keystore or keystore password. Don’t lose hope, you can update your app using a new keystore file. Please refer to this: http://geekcodehub.com/blog/ new Keystore Certificate update on playstore Hub. Here I wrote how to update the APK if you lost your keystore; follow the steps and create a new keystore. I updated my app using these steps. You need to enable Google Play App Signing on the Play Store console.