I have a gradle-based android project and trying to generate a release apk. However, it seems that somehow gradle is picking up the wrong key/cert.
This is what I have in build.gradle:
signingConfigs {
release {
storeFile file("mykey.jks")
storePassword "mypass"
keyAlias "mykey.key"
keyPassword "mypass"
}
}
buildTypes {
release {
debuggable false
jniDebugBuild false
runProguard true
proguardFile getDefaultProguardFile('proguard-android.txt')
signingConfig signingConfigs.release
}
}
And after running
gradlew assembleRelease
and taking out META-INF/CERT.RSA from inside the .apk I run the following:
keytool -list -keystore mykey.jks
and
keytool -printcert -v -file CERT.RSA
but they produce output with different certificate fingerprints. Trying with a certificate from another apk signed with the same key (but not with gradle) yields the correct certificate fingerprint.
Gradle seems to be picking up the keystore fine (changing the password or location or alias makes it stop working).
I'm puzzled since I don't want to release something to the store signed with an unknown key and then not be able to update it. I don't have a debug key explicitly defined in gradle.
UPDATE: This has something to do with the keystore. Trying the same gradle code with a fresh keystore and key works fine. This problematic keystore was imported from a pkcs#12 format (.p12 file). Using Intellij or jarsigner works fine with this keystore though, it's just the gradle code that has a different output - and it seems only the certificate generated from the key is different.
In my case I was not aware I am using debug keystore file for release. In project/android/app/build.gradle
buildTypes {
debug {
signingConfig signingConfigs.debug
}
release {
// Caution! In production, you need to generate your own keystore file.
// see https://facebook.github.io/react-native/docs/signed-apk-android.
signingConfig signingConfigs.debug // <-- need to be changed with
//the line below
//signingConfig signingConfigs.release
minifyEnabled enableProguardInReleaseBuilds
proguardFiles getDefaultProguardFile("proguard-android.txt"), "proguard-rules.pro"
}
}
I faced the same issue while building signed .aab file with gradle.
It has to do with gradle caching issue.
I just restarted my gradle daemon threads running in my system and clean gradle cache.
./gradlew --stop
./gradlew clean
./gradlew bundleRelease
And it resolved the problem.
The only solution here was to start with a fresh key. The previous key had been imported from a PKCS12 format and I think that somehow caused the gradle code to generate a different certificate than jarsigner.
Related
According to RN docs this should be impossible but I'm getting a red screen error on my app downloaded from the playstore. The playstore version generally works fine but there was a null value on one of the screens and it popped a redscreen.
Definitely uploaded the release version of APK using Build --> Generate Signed Bundle/APK. I'm totally at a loss of where else to look as I can't find any mentions of similar situations through searches.
Build.gradle file looks like:
buildTypes {
release {
minifyEnabled enableProguardInReleaseBuilds
signingConfig signingConfigs.release
proguardFiles getDefaultProguardFile("proguard-android.txt"), "proguard-rules.pro"
}
debug {
debuggable false
}
Edit for additional steps I've tried:
Tried following this RN guide for releasing as well: https://reactnative.dev/docs/signed-apk-android to no avail.
Confirmed the apk I'm using is in-fact a release build using jarsigner -verify -verbose -certs my_application.apk
Testing using a console.error() just after I see the app load successfully and that consistently shows a red screen.
I created a new Flutter project and I built a release APK flutter build apk without creating a release Android keystore.
Which keystore did the Flutter use to build a release APK by default?
I just found out the answer from Android app Gradle.
Flutter signs a release build using debug keys by default.
This line of comments found in android/app/build.gradle are very self explanatory.
buildTypes {
release {
// TODO: Add your own signing config for the release build.
// Signing with the debug keys for now, so `flutter run --release` works.
signingConfig signingConfigs.debug
}
}
I am running into the following message when attempting to upload my APK as an alpha release on Google Play.
'You uploaded a debuggable APK. For security reasons you need to disable debugging before it can be published in Google Play.'
In my gradle I have configured the signing config and build type(s) as follows:
signingConfigs {
release {
storeFile file("PATH TO KEY STORE")
storePassword "STORE PASSWORD"
keyAlias "ALIAS"
keyPassword "PASSWORD"
}
}
buildTypes {
release {
minifyEnabled false
proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
signingConfig signingConfigs.release
testCoverageEnabled true
debuggable false
}
debug { testCoverageEnabled true }
}
Furthermore, I've verified using jarsigner that my APK was signed and that the CN does not contain CN=Android Debug.
The manifest for the APK does not contain the attribute android:debuggable.
The application I've built is a Kotlin application with the following dependencies:
Android Support v13 27.0.2
Android Support Annotations 27.0.2
Android Support Constraint Layout 1.0.2
Junit 4.12
Mockito 2.15.0
Robolectric 3.7
Android Support Test Runner 1.0.1
Android Support Test Espresso Core 3.0.1
I've attempted to upload the APK generated via gradle command line (i.e., gradle build) as well as the APK generated from the IDE using Build, Generate
Signed APK, and I've ensured that the release variant is selected when building from the IDE and gradle before attempting to upload to Google Play.
Finally, I've attempted this with multiple keystores (creating a new one thinking that perhaps my first one was invalid), and still I cannot upload my APK. To clarify, this is the first apk upload. No prior version exists on Google Play.
Is one of the support libraries leading to this issue, or is there something I have missed?
I discovered the issue.
It seems an APK with test coverage enabled is considered debuggable.
After removing the line
testCoverageEnabled true
from my release build type, I was able to upload my APK.
I am attempting to generate a signed APK for my app. I'm using Android Studio to generate the release APK: build > generate signed APK. I then get a popup for my key store, alias, and passwords. This process has worked in the past but, I suspect, stopped working after a recent upgrade of tools and other support. What can I do to get Android Studio to generate the signed APK with a valid signature?
When I inspect the APK using jarsigner, from the Java 1.8 release, I get the message:
jar is unsigned. (signatures missing or not parsable)
If I use jarsigner to sign the app, it then installs on most devices but not on my device running Android 4.1. The command I used is:
jarsigner -verbose -keystore "...path...\perinote-release.keystore" app-release.apk perinote
Further, if I add to the jarsigner options:
-digestalg SHA1 -sigalg MD5withRSA
it is accepted by the Android 4.1 device. I found these options in another post, no manifest. jar is unsigned. (signatures missing or not parsable), indicating that there was, at some point, a change in the encryption from SHA1 to SHA2.
Here is my build.gradle for "app"
apply plugin: 'com.android.application'
android {
signingConfigs {
release {
keyAlias 'perinote'
storeFile file('...path.../perinote-release.keystore')
}
}
compileSdkVersion 24
buildToolsVersion "25.0.0"
compileOptions.encoding = 'UTF-8'
defaultConfig {
applicationId "com.perinote.camera"
minSdkVersion 15
targetSdkVersion 24
renderscriptTargetApi 20
}
buildTypes {
release {
minifyEnabled false
proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.txt'
signingConfig signingConfigs.release
}
}
lintOptions {
checkReleaseBuilds false
}
}
dependencies {
compile 'com.android.support:support-v4:24.0.0'
testCompile 'junit:junit:4.12'
}
What can I do to configure Android Studio to use SHA1 so that my app(s) will continue to work on Android 4.1 devices? Or is there something else I should be doing?
EDIT: I realize I should switch to SHA256. But I still need a way for my app to run on Android 4.1. Do I need to generate two versions and publish both of them?
To get both signature versions, simply check the checkboxes for V1 and V2 at the bottom of the 2nd Generate signed APK dialog box.
I hadn't noticed this dialog changed after updating AS and blew right past it.
I tried uploading my apk to Googleplay because of this.
You uploaded an APK that is not zip aligned. You will need to run a
zip align tool on your APK and upload it again.
So I added buildtypes for using zipalign with proguard in build.gradle
buildTypes {
release {
runProguard true
proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.txt'
zipAlign true
}
}
but I got this error code during making signed apk file.
Generate signed APK: Errors while building apk, see messages tool
window for list of errors.
so I tried building signed apk with setting runProguard false, actually it worked.
but I really wondering why I couldn't make signed apk with Proguard.
Check the location and path to the key signature.