apk with different certificate - android

I'm facing a problem with the certificates. Two weeks ago I made a backup of my PC; I saved the project and the key.jks. Now, on a different computer, I'm trying to upgrade my app, but it says this:
Upload failed
You uploaded an APK that is signed with a different certificate to your previous APKs. You must use the same certificate.
Your existing APKs are signed with the certificate(s) with fingerprint(s):
[ SHA1: 90:F7:82:F9:C0:52:98:D7:EA:F9:9C:79:B9:00:1D:61:7E:5B:C5:06 ]
and the certificate(s) used to sign the APK you uploaded have fingerprint(s):
[ SHA1: 7B:67:D7:7B:C6:EB:53:49:94:41:86:89:C0:7A:2B:89:5B:0B:AC:A8 ]
Is there a way that I can fix this problem? The app has active users and I don't want to lose them.

You cannot update your apps if you lost your APK key. That is also said in Google's official guide, as to why it is so important to save your API keys.
You could try to contact Google Play service, but I doubt you'd get a positive response or any response at all. Best is to delete the app, re-create it and post it.
Otherwise, you can leave it there and you won't be able to update it without the original key.
Here, from the official site, Signing Your Application:
Warning: Keep your keystore and private key in a safe and secure
place, and ensure that you have secure backups of them. If you publish
an app to Google Play and then lose the key with which you signed your
app, you will not be able to publish any updates to your app, since
you must always sign all versions of your app with the same key.

Related

The SHA1 of "App signing certificate" and "Upload certificate" each belong to two different keystores. How is this possible?

For a couple of days, I've been trying to upload the aab of an existing app. We have never tried aab before, so this was a fresh attempt. I encountered an error saying "Your android app bundle is signed with the wrong key", which indicated a mismatch of SHA1. So I cleaned the project, rebuilt, invalidated cache (because why not) and tried again - the error persisted. Although, uploading regular APKs works fine with this keystore.
Out of curiosity, I tried building the signed aab with another keystore in our project directory (one that no one used) and to my surprise, this newly signed aab was accepted. This seemed impossible, and I found the SHA1 of "App signing certificate" belongs to one keystore, while the "Upload certificate" belongs to another keystore.
I don't understand how this is possible. We have multiple people accessing the dev console. Even if it's a human error, how was the upload certificate from the wrong keystore accepted? How can I have this fixed so that I can upload the aab with the actual keystore?
When you (or someone in your team) enrolled your app in App Signing by Play, you must have created this second keystore to create the upload key and uploaded the certificate to Google Play (by simply following the given instructions).
The upload key is the one that should be used to sign the future APKs and App Bundles.
The reason that your APKs can still be uploaded with your original app signing key even after creating this upload key is that Play wanted to allow for this transition time where you're just testing the App Bundle in some testing track but don't want your current APK release process to be affected in the meantime, so they'll still accept the APKs to be uploaded with the app signing key.
Ideally, you should now put the keystore containing your app signing key in a safe location with restricted ACLs (since having it compromised can have devastating consequences, i.e. having to migrate all your users to a new app) and only use the keystore containing your upload key (which, if compromised, can be reset).
For some explanation about upload keys and app signing keys, I recommend reading the documentation here:
https://support.google.com/googleplay/android-developer/answer/7384423?hl=en-US
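A way to check locally which keystore Play expects, for both the rejection message in the first thread and the two-keystore confusion above. This is an added example, not code from any of the posts; the keystore labels and certificate bytes are constructed placeholders, and the script assumes each candidate certificate has been exported in DER form.

```python
import hashlib
import re

# Colon-separated hex fingerprint as printed in the Play Console message.
FP_RE = re.compile(r"SHA1:\s*((?:[0-9A-Fa-f]{2}:)+[0-9A-Fa-f]{2})")


def cert_fingerprint(der_bytes):
    """SHA-1 over the DER-encoded certificate, as upper-case colon-separated hex."""
    digest = hashlib.sha1(der_bytes).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def parse_rejection(message):
    """Return (expected, uploaded) fingerprints from the rejection text."""
    found = [fp.upper() for fp in FP_RE.findall(message)]
    if len(found) != 2:
        raise ValueError("expected two SHA1 fingerprints, found %d" % len(found))
    for fp in found:
        if len(fp.split(":")) != 20:  # a SHA-1 digest is 20 bytes
            raise ValueError("not a 20-byte SHA-1 fingerprint: " + fp)
    return found[0], found[1]


def which_keystore(fingerprint, candidates):
    """candidates maps a label to DER certificate bytes; return the matching label or None."""
    for label, der in candidates.items():
        if cert_fingerprint(der) == fingerprint.upper():
            return label
    return None


def diagnose(message, candidates):
    """Name the keystore Play expects and the one that signed the rejected upload."""
    expected, uploaded = parse_rejection(message)
    return {"expected": which_keystore(expected, candidates),
            "uploaded": which_keystore(uploaded, candidates)}


# Constructed sample: placeholder bytes stand in for DER certificates
# (e.g. exported with `keytool -exportcert -alias <alias> -keystore <file> -file cert.der`).
SAMPLE_CERTS = {"backup/key.jks": b"constructed-cert-A",
                "new-pc/key.jks": b"constructed-cert-B"}
SAMPLE_MESSAGE = (
    "Your existing APKs are signed with the certificate(s) with fingerprint(s):\n"
    "[ SHA1: " + cert_fingerprint(SAMPLE_CERTS["backup/key.jks"]) + " ]\n"
    "and the certificate(s) used to sign the APK you uploaded have fingerprint(s):\n"
    "[ SHA1: " + cert_fingerprint(SAMPLE_CERTS["new-pc/key.jks"]) + " ]")

if __name__ == "__main__":
    print(diagnose(SAMPLE_MESSAGE, SAMPLE_CERTS))
```

A result of `None` for "expected" means none of the candidate keystores holds the certificate Play has on record, so re-signing with any of them will be rejected again.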

Apk not upload in google playstore

I had developed my app in Xamarin Forms and released my Android app on the Play Store, and unfortunately I have to change my system. Now I have made some changes in the app and I want to release that new APK on the Play Store, but then I am getting the message given below:
You uploaded an APK that is signed with a different certificate to your previous APKs. You must use the same certificate. Your existing APKs are signed
with the certificate(s) with fingerprint(s):
[ SHA1: 70:9A:CF:42:5E:98:B9:4D:B2:F6:B7:2E:AC:C4:64:14:4B:5D:76:18 ]
and the certificate(s) used to sign the APK you uploaded have fingerprint(s):
[ SHA1: 62:E0:24:5F:18:95:47:95:60:C3:08:B2:D5:16:E8:C5:46:D1:D7:4E ]
Please help me, as I am new to Xamarin Forms development.
Thank you
The apk you uploaded the first time (the apk which is live on the Play Store) had a different signing key compared to the apk you are trying to upload right now.
Once an apk is uploaded to the store, you always have to use the same applicationId and signing key as you used for the first upload. If you ever lose your key, you can never update the same apk again.
Edit:
Starting from May 2017, there is an option to upload your keys and back them up on Google's servers. But you have to opt in to this service. They will back up the keys you uploaded and give them back when you need them. But if you haven't opted in to this service already, before losing your keys, you are out of luck.
I think you are using a different keystore signing file from your previous version's keystore file. Please make sure to use the same file every time you create a signed apk for Google Play Store upload.
The keystore file is generated when we create a signed apk for the first time for upload to the Play Store. This file has the extension .jks
References
https://developer.android.com/studio/publish/app-signing
https://headjack.io/tutorial/create-android-keystore-file/
What is Android keystore file, and what is it used for?

Can I replace an unsigned apk with a signed apk in Google Play

I have an app in Google play that I built in Eclipse.
Recently I imported it to Android Studio, made some changes and I want to replace the apk file in the market.
In Eclipse I used unsigned apk and now it's signed one.
Do you know if it can cause problems for the users?
EDIT:
When I try to upload it, this is what I get:
Upload failed
You uploaded an APK that is signed with a different certificate to your previous APKs. You must use the same certificate. Your existing APKs are signed with the certificate(s) with fingerprint(s):
[ SHA1: 07:F5:24:81:59:0B:28:48:A6:48:FC:E3:9B:D5:3D:06 ]
and the certificate(s) used to sign the APK you uploaded have fingerprint(s):
[ SHA1: 79:B7:5D:76:80:32:22:E4:1B:33:5A:69:69:24:79:BA ]
Does anyone know what should I do?
The first APK you uploaded was most likely signed with a debug certificate as opposed to your release one. Google Play doesn't allow you to use a different certificate than the one you originally used, due to security issues. The whole idea behind the certificates is to prevent anyone from uploading potentially malicious code that claims it was by you, thus keeping your users a little safer. So, the only way to change your certificate is to unpublish your old app, create a new one in the console and re-upload. You will also have to change your app's package name to something else before you re-upload.

Testing Titanium's In-App Billing module for Android

Does anyone know how to properly test live android in app purchases in titanium debug mode?
Previously, I was successfully able to test live in-app purchases and create real transactions when debugging from Titanium Studio. That was because previously, I had incorrectly created my Google Play store listing using the development .apk as per:
http://developer.appcelerator.com/question/123704/what-keystore-does-titanium-studio-use-to-build-android-app-during-development
and therefore, Google play had associated my dev_keystore with my in-app purchase codes.
However, when I then tried to build and upload my production release using a generated keypair/certificate as per:
wiki.appcelerator.org/display/guides/Distributing+Android+apps
the Google Play store then (correctly) rejected my production candidate complaining that my APK had been signed with a different certificate to the one that was used in the original upload:
You uploaded an APK that is signed with a different certificate to your previous APKs.
You must use the same certificate. Your existing APKs are signed with the certificate(s)
with fingerprint(s): [ SHA1: ...:9D:47:9F ] and the certificate(s) used to sign the APK
you uploaded have fingerprint(s): [ SHA1: ...:5D:E2:4E ]
As such, I had to delete my google play store listing and recreate it from scratch using the signed APK as described by the appcelerator guide referenced above.
This has now resulted in my in-app purchases becoming associated with the signed APK which means that now when I am testing a development build of the app and attempt to make an in-app purchase, I am greeted with:
This version of the application is not configured for billing through Google Play
It is not a timing issue (I have waited 24 hours) as suggested by:
stackoverflow.com/questions/11068686/this-version-of-the-application-is-not-configured-for-billing-through-google-pla
It is occurring because the dev_keystore in my development build doesn't match the certificate associated with the in-app purchase codes.
I imagine I might be able to get around this if Titanium Studio allowed me to specify my app's certificate when debugging as per:
http://jira.appcelerator.org/browse/TISTUD-1214
In the interim, a testing workaround to debug purchases is that I have created an additional and separate 'test' duplicate google play application with identical in app purchases and associated it with my development .apk (instead of my signed apk). During testing, I then just need to change:
require('ti.inappbilling').setPublicKey(...)
to point to the test project instead of the real one. Then, when I'm comfortable with the payments, I will build using the real key.
This is a really sub-standard workaround and I'm hoping someone has a better way of doing things.
TISTUD-3669 adds the capability to specify the keystore used for non-production builds. Using this, you won't need the workaround you came up with.

Android Play Store App Update

I lost my Android apk certificate. Now I want to upload my new apk to the same application again, but it's not letting me update and gives me a certificate error.
Is there a way to extract the certificate from it back? I have the original apk, if it's possible using that.
The app was built using Adobe Flash.
Please tell me any details.
You need to use a different version code for your APK because you already have one with version code 1000000.
You uploaded an APK that is signed with a different certificate to your previous APKs. You must use the same certificate. Your existing APKs are signed with the certificate(s) with fingerprint(s):
SHA1: 2C:AB:E2:C0:DC:F9:2C:C8:DE:1B:60:DE:84:A1:71:CA:B6:6D:70:8D
and the certificate(s) used to sign the APK you uploaded have fingerprint(s):
SHA1: CC:FF:DE:87:AC:5A:08:E5:ED:21:A6:52:1E:56:73:F1:CD:DF:7D:85
Thank you
If you have your old keystore then it's possible, otherwise not. You need to create a new application with a new package name for this and then you can upload. You must keep your keystore for your application.
You're out of luck. How did you lose that certificate? Can't you do some hard disk recovery? Didn't you do a back up of it some place?
