I inherited an android app that was initially outsourced to an external developer, fixed stuff and I am now ready to send the new update to the play store.
Then I found out that I need a specific signing key in order to update the app, which we got from the previous developer.
So I generated a signed release apk using the key I got and tried to upload. Upon uploading, I get a pop-up with an error. see screenshot for details
We asked the developer if he was sure that was the key he used, and he swears he looked everywhere and its the only key he used. Although, I do think he might have changed the password for it..., not really sure.
Significant changes I introduced to the app is changing the package in manifest and creating product flavours which each their own package name(one of them got to keep the original package name from the play store).
Some things I noticed: When I got the app, the app manifest had an out-commented package name and a new one with our company's name in it. The original one had the name of the of the outsourcing company in place of the "example" of the "com.example.appname" bit, so they must have changed the package name when they created the release apk.
I have no idea if any of this means anything because the package name is the same when I put it all in an apk... It's just that the store claims that the app was signed with a different certificate and the previous developer swears he used the same he sent to us.
Can anyone tell me if it's possible to do anything to make this work, or are we completely doomed and will have to upload a new app to the store?
Thanks for any help.
Update:
Because people are asking about packagename, let me clarify.
When I got the app, all the packagenames in the manifest was not the same as the one from Playstore... so i refactored the entire package app-wide to reflect the play-store package name... and then I introduced product flavours because we need a new app with different branding that is similar to the original one... so I ended with with a structure like this:
defaultConfig {
applicationId "PlayStorePackagName"
}
productFlavors {
brand1 {
applicationId "PlayStorePackagName" //<- for original app
}
new_brand{
applicationId "NewPlayStorePackagName" //<- for new app.
}
}
In this case, it shouldn't matter what package name is in the manifest, should it?
You cannot change the package name nor the Certificate for the App for the Playstore! If you don't have the correct certificate you cannot submit your App as an update to the existing one.
Certificate checking
However you can check the information stored in your available Keystore and compare it with the current store apk. For Example:
jarsigner -verify -verbose -certs yourapp.apk
You can get more details with the keytool. See this Thread for more information.
Package name
You can check the correct package name for your app when Browsing to your App in the play store.
Example for Google Plus: https://play.google.com/store/apps/details?id=com.google.android.apps.plus
id=com.google.android.apps.plus is the package name in this case. This cannot be changed for your App
However this package name is defined by your applicationId within your App. Your structure of your app can have different package names. See here for more information.
From the docs:
When you're ready to make changes to your APK, make sure to update your app’s Version Code as well so that existing users will receive your update.
Use the following checklist to make sure your new APK is ready to update your existing users:
The Package Name of the updated APK needs to be the same as the current version.
The Version Code needs to be greater than that current version. Learn more about versioning your applications.
The updated APK needs to be signed with the same signature as the current version.
To verify that your APK is using the same certification as the previous version, you can run the following command on both APKs and compare the results:
$ jarsigner -verify -verbose -certs my_application.apk
If the results are identical, you’re using the same key and are ready to continue. If the results are different, you will need to re-sign the APK with the correct key.
You say that:
Significant changes I introduced to the app is changing the package in manifest
So this is the source of issue. You'll need to use the same package name.
We have a third party app that has been created for us, but that we will maintain going forward.
They have built the apk and signed it with their own key, but in order for us to upload it and to use our key I have had to resign it.
For this I used https://code.google.com/p/apk-resigner/
Now I'm trying to compare their apk with my resigned one, but am not 100% sure what to do.
I've tried doing
jarsigner -verify -keystore my_keystore_location -verbose -certs my.apk
and i've received lots of files with smk on them. This would make sense following the key
s = signature was verified
m = entry is listed in manifest
k = at least one certificate was found in keystore
i = at least one certificate was found in identity scope
but then when I run the third party apk that still has their key, I also get smk on the files, which shouldn't happen as that would say it has been signed with a key in my keystore!?
Any ideas anyone?
Thanks
I'm not exactly sure if this works but I spotted it in package manager :
http://developer.android.com/reference/android/content/pm/PackageManager.html#checkSignatures(java.lang.String, java.lang.String)
Its supposed to be able to take your first package(your own)'s signature and compare it with your third party app's signature. This is ran on the android app and not on your development platform(Windows, Mac, Linux etc).
Looking at the documentation, if 0 is returned, the signature matches. If 1 is returned, neither are signed. -3 for no match. -2 for not second package not signed and -1 for first package not signed. -4 if either packages are invalid.
This code is working for me :
final PackageManager pm = getPackageManager();
System.out.println(pm.checkSignatures("com.testing1", "com.testing2"));
I am trying to integrate a Google plus Login in my application as per the instruction provided by following link :
https://developers.google.com/+/quickstart/android#install-sdk
I am following all the instructions perfectly. And when I run the sample application on a real device provided in the android-sdk and click the signin button, it display a Toast message that An internal error occurred
What am I doing wrong?
I have this problem and even after creating 10 different client IDs with different SHA and package name, it doesn't work... until I found out that you have to fill the Consent screen.
According to GoogleDevelopers Console -
The consent screen will be shown to users whenever you request access
to their private data using your client ID.
This can happen when you haven't set the signature for the client ID in your API console project, or if you copied the wrong key value from keytool. Doing so is documented in the steps of the quick start guide on steps 7, 8, 9, and 10.
I've solved problem by removing .setScopes("PLUS_LOGIN") in the PlusClient.Builder.
I got this toast message error in my android application:
An internal error occurred
Summary:
Assuming you made a mistake configuring the negotiation between your android app and the Android API server granting you access. Most likely caused by you not adding the correct package name or correct SHA1 fingerprint. I followed these steps to blow out the wrong configuration and do it right.
Steps to fix:
Go to your google api console and login: https://code.google.com/apis/console
Click "API Access" tab.
Click the button: "Create another client ID".
Choose: "Installed Application" radio button.
Choose: "Android" radio button.
Enter the package name of the android app that is displaying the above error. You can find it defined at the top of the PlusSampleActivity.java code file. For me it is com.google.android.gms.samples.plus
Acquire your SHA1 fingerprint value:
a. Use the command keytool -list -v -keystore /home/el/.android/debug.keystore. Enter password, If you never set it, the default password is 'android'.
b. The SHA1 fingerprint is shown on screen, copy that.
Paste the above value into the "Signing certificate fingerprint (SHA1):" box.
Click the button: "Create client ID".
Run your android application again, click "Sign in".
Now you are presented with an Activity to "Sign in to Google+ SDK with Google".
In my case, the solution was to actually set an email address in the Consent Screen.
First, I was a bit reluctant to select my personal address and for an strange reason you can save the form without this piece of data with no error. After checking what others have suggested, as soon as I set my email address in that form, it started working.
I have been searching how to fix this for a day with full of research without luck finally i managed
to resolve this issue with the following approach.
Before i begin resolving this (at least how ti worked for me) i have to say that everything on the
documentation is correct and you don't have to change any lines of code or so.
It looks like more of a bug in the https://cloud.google.com/console cloud console
First ensure you got the correct SHA1 and your project's package name as described in the docs
https://developers.google.com/+/quickstart/android
Now this bug as i noticed (at least for me) was that in my cloud console, the project i have created
was long ago with the old interface and few months ago i migrated to the new GUI.Once you get the new look on cloud console you will notice that new projects have an auto generated project id
like this atlantean-ares-331 while old projects got a long integer value as project id which is not visible. So if your project was created with the old GUI and you have just created new client id for OAuth for that project you will get the Toast "An internal error occurred” while trying to sign in with google.
How to Fix
Go to your cloud console
Make a new project i would suggest a name like
oldprojectname-gplus
In APIs section enable Google+ API
Ensure that none of your projects has the same package name on
OAuth Client ID with the one you will use now otherwise you will get Error This client ID is globally unique and is already in use.(you will have to delete the old OAuth client id with the same package name you will use now).
Go to Credentials Create New Client ID for OAuth.
Installed application
Android
Enter your project's package name and your SHA1
Done
My solution to the problem was following.
I did everything others recommended and there was no typo regarding the package name and SHA1 key. I also tried removing the key and then adding it again but it didn't help.
What did help is removing the key and creating a new project (at https://code.google.com/apis/console) and then creating the Client ID (with package+sha1) again there. After that (5 secs) everything worked on my Android device.
This problem is related to the permissions from the api console.
if you are using a permission related with SCOPE_PLUS_LOGIN, in the api console you must create two keys, one for OAuth client id, and other for public api key.
In my case the problem was that I changed the package name of the app and didn't update in dev console.
For me it was that i was attempting to use my production key when installing it using my debug key. Make sure your using the right SHA1 from the right keystore.
I turned around to the Google IO 2013, and changed the initialization of PlusClient, then it works.
public static final String AUTH_SCOPES[] = {
Scopes.PLUS_LOGIN,
"https://www.googleapis.com/auth/userinfo.email",
"https://www.googleapis.com/auth/developerssite" };
mPlusClient = new PlusClient.Builder(this, this, this)
.setScopes(AUTH_SCOPES)
.build();
Thanks Thano for the solution
"Now this bug as i noticed (at least for me) was that in my cloud console, the project i have created was long ago with the old interface and few months ago i migrated to the new GUI.Once you get the new look on cloud console you will notice that new projects have an auto generated project id like this atlantean-ares-331 while old projects got a long integer value as project id which is not visible. So if your project was created with the old GUI and you have just created new client id for OAuth for that project you will get the Toast "An internal error occurred” while trying to sign in with google."
Recreating the project in the Google Console worked for me after several other attempts:
For any reason my project did not have a project ID (old console/new console?).
As Thano (above) suggested, I created a brand new project, created Client IDs, ... and then in worked. Thanks for the advice!!
Remember to use the built-in debug keystore for testing. I had everything else working correctly, but I had set my production keystore SHA1 fingerprint in the Credentials in the Developers Console, which caused it not to work.
If your facing this error when you try to run the sample application "or" copy the project which you have created in other machine which was running successfully in that and giving such pop-up error in the other machine where you are trying to run ,you can follow the below method and it will help.
If your are building the app for testing/debug purpose then,
1.Generate the new SHA1 if you copy your project and run it on other machine for the package name and path provided for keystore.
2.Change the ClientId in developers console for new generated SHA1 and run it in the new machine where you have copied the project and trying to run it.
Something often overlooked is the package name. I'd like to clarify the step 6 by Eric Leschinski above (can't comment there): the required package is not the package of an activity, rather the package of your app's manifest.
You may retrieve the correct value from the root element of AndroidManifest.xml:
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
package="com.ntk.darkmoor"
android:versionCode="1"
android:versionName="1.0" >
In this example define "com.ntk.darkmoor" while creating the Client ID
I had the same issue when I used SHA1 for debug.keystore for debuging then exported my application forgetting to generate SHA1 for keystore that I used to export my application.
Its working for me when i connect the device and install the apk from Android Studio.
But its now working for me when i generate the .apk and install it from dropbox.
I went through all the answers provided here and others as well. In my case the issue was the SHA-1 as well. The reason I was getting the incorrect SHA-1 was my keytool export cert command.
Previously I was using
C:\Users\mysuername\.android SHA 1 signature keytool -exportcert -alias androiddebugkey -keystore "keystorepath" -list -v
The problem was in the androiddebugkey variable. Here you have to give the name of the key you use for signing the application.
C:\Users\mysuername\.android SHA 1 signature keytool -exportcert -alias mykeyname -keystore "keystorepath" -list -v
Hope this helps someone!
To add to this long list of reasons my problem was that i got the debugkey from the jks file rather than the app.
Its always something small.
Dear All,
I have successfully made an application using Sencha touch 2 it's
working fine in my Android device, also on Tablet and emulator. But
the problem is that the apk file could not be uploaded on Android Market it shows
me a error:
.apk is not signed also validity year 50 Error in Google market -:
Google Play does not accept apks signed with the debug certificate.
Create a new certificate that is valid for at least 50 years.
I have changed my certificate also "configuration":"Release"
but not get any success. Dear i am also sharing my whole configuration
file. If you find any of the error inside the configuration file
please let me know about it. Any of the suggestion is appreciated.
Thank in advance.
Code in Configuration file is that-:
{
"applicationName":"navi",
"applicationId":"com.amit.navi",
"versionString":"1.0",
"iconName":"resources/icons/Icon~ipad.png",
"inputPath":"build/native",
"outputPath":"build/",
"configuration":"Release",
"platform":"Android",
"deviceType":"Universal",
"certificatePath":"C:/Documents and Settings/amit/.android/amit.keystore",
"certificateAlias":"alias_name",
"sdkPath":"C:/android-sdk",
"orientations": [
"portrait",
"landscapeLeft",
"landscapeRight",
"portraitUpsideDown"
]
}
Here is a guide to creating a key to sign your apk with.
You have currently signed your app with a debug key and need to generate a new one using keytool (java tool) then sign your apk with that.
Sencha guide: http://docs.sencha.com/touch/2-0/#!/guide/native_android
Keytool guide: http://developer.android.com/tools/publishing/app-signing.html
the keytool is in your java directory
According to the 'help' target documentation:
debug: builds the applications and
signs it with a debug key
release; builds the application: the
generated APK file must be signed
before it is published
Here is what I found, which is a bit different than what I expected:
debug: ignores keystore definitions in build.properties whether you specify them or not. Which kesystore file is it using? The same as Eclipse: the default debug.keystore file in your Documents and Settings?
It creates two files:
-debug-unaligned.apk (signed, unaligned)
-debug.apk (signed, aligned)
release: 'help' says it doesn't sign it. It creates these files:
-unsigned.apk (unsigned, unaligned)
The next two are only if you have the values specified in build.properties:
-unaligned.apk (signed, unaligned)
-release.apk (signed, aligned)
Any helpful comments / verifications will be greatly appreciated.
Which kesystore file is it using? The same as Eclipse: the default debug.keystore file in your Documents and Settings?
Yes.
As far as the release target goes, you will get behaviour like this:
If you have lines like:
key.store=c:/users/me/my-release-key.keystore
key.alias=release_alias
key.store.password=myStorePassword
key.alias.password=myAliasPassword
in your build.properties, it will automatically build and sign your apk with no prompting for anything.
If you comment out the last two lines, then it will prompt you for the passwords, then complete a signed build if the passwords are OK.
If you don't have any of the above lines, then it will just build you an unsigned apk with no prompting for anything and end with:
-release-nosign:
[echo] No key.store and key.alias properties found in build.properties.
[echo] Please sign C:\dev\projects\AntBuilds\MyProject\bin\MyProject-unsigned.apk manually
[echo] and run zipalign from the Android SDK tools.
.
This answer works for me, I am using ant to auto-compile android app, it prompts and need password, I wrote one file named password, and using the command ---ant release < passwd,
However, it also prompts that I need input password.
Using the tips here
key.store=c:/users/me/my-release-key.keystore
key.alias=release_alias
key.store.password=myStorePassword
key.alias.password=myAliasPassword
I solved this problem.