I was recently hired to rewrite an existing Android project. The old project was published to Google Play, but I do not have access to the source files or the certificate that was used to sign it.
I finished my project, but I'm unable to publish it as a replacement for the old version because I signed mine with a different certificate. Google Play is also complaining because I used a different package name than the original project.
Is there any way around these roadblocks?
It is a new application from GooglePlay perspective. So you can only publish it as new application
As you changed its package name....the only option you have to publish it as a new app on google play
It's a different app if it has a different package name; this is fundamental to Android. Package names are how you refer to a specific app in code and how you search for a specific app, among other things. If you want it to be the same app, keep the same package name!
If it is signed with a different certificate, it can't be installed as an upgrade. This is presumably so you can't install an app with the same package name as another app and read its private data — you have to delete the app (and its data) first (the benefit is limited, of course: you can uninstall the real app and install a lookalike malicious app and steal the user's data that way). This is a bit of a limitation in Android (it doesn't handle certificate expiry, for one) and might be fixed at some point, but I don't expect it to happen any time soon.
I've been in the same situation before — the original developer lost the signing key for one app but not the other. We changed the package name and released it as a new app.
Related
I own an Android app but unfortuantely a SSD disk issue happened and I lost all my app's project files.
I have re-coded my app but updates aren't getting pushed to my app users anymore through my app's in-app updater... And if I send them the APK file they get "App not installed".
And it turned out at the end that the issue is that the current users have my app installed with a different signature than the new re-coded app's signature.
So my question: Can I sign the new APK with the old APK's signature? Or is it possible to extract the keystore/signature of the old APK and put it into the new APK?
Note: I know that my app users can uninstall the current app and install the new one, but the app data for each user shouldn't be removed.
If what you want to do was possible, anyone could decompile, modify and redistribute any app therefore it isn't possible. The OS will treat APKs with different signatures like different apps. The only way I know to use a new key for upgrades is if you used App Signing by Google Play.
Otherwise, you will have to ask your users to migrate to the new app manually.
If you want to use different app signature , you can. For that you need to write mail to google and need to send them details they require.
You can find answer here
I lost my .keystore file?
I have a little issue where I created an Android release build from my Ionic project. I've signed the app in the platform/android/build/outputs/apk folder, so my keystore file also was there. Then I noticed a bug, rebuild the app but I figured the folder gets cleared at each build. As a result I don't have my keystore file anymore and I'm unable to add an update to the Play Store. I've unpublished the previous version but now I'm unable to use my app id as it is used by the unpublished version.
So right now I see three options:
Is there a way to change the app id from the unpublished app? (all related info I've read says no)
Is there an alternative way to use the same app id? (I would not like to have differente app ids for iOS and Android)
As a final option I could use com.mydomain.app as the iOS id and use e.g. com.mydomain.android (and I've moved my signing process to a different folder outside the Ionic project) but is there a way to keep this release-friendly (meaning, is there a way to specify platform specific app ids in Ionic config.xml or other file)
How do you guys handle stuff like this? I suppose I'm not the first random guy this has happened to.
Edit: I found that I'm not the first random guy this has happened to. Which makes option 3 easier to accept if option 1 will never work.
No this is not possible, mentioned clearly in the google doc.
If you lose your keystore, you'll need to publish a new app with a new package name.
If you have lost you app signing key, you can not upgrade your app, that is the reason google came up with a new feature "app signing by Google Play", where Google keeps your signing key, but when you upload your app you need to sign your app with a key(Upload Key), then Google verifies your signature, removes the signature, and then Google re-signs the APKs with the original app signing key you provided and delivers your app to the user. Benefit of this feature is that If you lose your "Upload Key", you can request for reset it from google, and you will be provided with a new "upload key", which you will use for signing app, and Google will re-sign you app using the main key It is keeping since starting.
So I will suggest you to enrol for this feature this time, to avoid an issue in future in case you lose your singing key again.
As others have mentioned, this is not possible outside the scope of App Signing by Play.
However, if your app has not been installed by anyone from the Play Store (except yourself), you can request your app to be deleted, which would allow you to recreate a new app with the same package name.
App Id in a sense is just like a domain name, you can not have more than one as long as you are to upload the application on Google Play.
The only option for you is to create a new build with a different App id.
We currently use a app creator that creates the app package for us. They use an app name convention that have their domain name in the url, ex: com.theirname.ourapp
We are working on a new native app, and will stop using the app creator that we must pay monthly and also did not cover all our needs.
My question is: Do they own the "com.theirname.ourapp" package name? or could we deploy the new app using the same name? We have almost 100K installs, and will not like to star fresh with a new package name. Could they ask or force us to stop using "their" package name?
Thanks,
Luis
The package name is the smaller. The problem i can see is the key. When you create an app you need to generate de APK. APK is the package to install the app id all devices, but the updates need a new one APK signed with the same key. The package you can change and sometimees give you problems, you nd to be carefull with that, but the key always has to be the same. The key has a passwords and then you need to know too.
In the wide world of Android, no-one owns the package name, ignoring legal questions like trademark or copyright. If you are interested in these then you should consult a lawyer, not stackoverflow.
However, in the world of Google Play, the most popular app store on Android, then each package name belongs to a developer account.
If you generated the app with the App creator, and the app creator uploaded it to Google Play, then it will be associated with their developer account. You will also have other propblems, like it being signed with a signing key that they own, not you.
if you generated the APK file with the App creator, and then downloaded it. Then you uploaded it to Google Play later, then the package name is associated with your developer account. You might still have problems with the signing key, unless you signed it yourself.
Any responsible App creator should let you transfer ownership, and also be prepared to let export the signing key. If they don't this is a problem. If this turns out to be the case, you might want to contact Google Play developer support to see if they can help you. I don't know what would be done in this scenario. If this is the case then I'd also share the name of the App creator in your question as a warning to other App developers.
I made an application on android and published it on the play store. I signed my apk with a new private key.
Last week, i wanted to update my application with my new features. So I exported my new apk with the same private key previously created. Then I published and playstore accepted it.
But on the play store in my phone, the application cannot be updated. I have to uninstall it before and if I do that, I will lost my data.
So my question is, how can I make an updatable apk on the google play store
You can't change the signature of your apk uploaded to the play store, you i'll need to use the same signature as before. If you do change the signature of your app and try to upload it you will get an error telling that the same application was found but with a different signature.
If you manually send your users an app (mail for example) with a changed signature they will have to uninstall the current app before they can install the same app with the new signature. Users will lose there application data doing this! This is a safety mechanism, so hackers/bad people can't change your apk and get the user data in that way.
The Android system uses the signature to check if the application is really an update for the existing one on your phone. Because only you now your signature password and stuff, hackers can't use it in there fake app updates for example.
Summary: Always use the same signature!
Check: http://developer.android.com/tools/publishing/app-signing.html
Edit: As said by #HandlerExploit
Probably you have your "non market version/debug version" of the app still installed on your phone, a debug version of the app is always signed with a default debug signature. This signature is different from the one on the market.
Most likely you installed your application with your computers default debug signature during development, you will need to uninstall it before installing your new market version.
Not incrementing your version number in the manifest will also have this effect. Make sure the android:versionCode="1" is different in each version. Also including the exact error message, if it exists, may help.
I have developed an Android app which is currently in an open beta phase, which means that each interested user can download the apk from the project's website (http://www.goodnews-mobile.com). I have already provided some updates through the web site and the users had the possibility to gracefully update their current installation without loosing any of the app's data. Now I want to release a new version of this app in the Android Market.
Here is the question: Will the users, who installed the app from the homepage be able to install the new version from the market without needing to uninstall the old version?
From a technical point of view I have ensured everything necessary to provide a graceful update (e.g. using a private key for signature that matches the market rules, maintaining version name and code in the manifest, etc.).
If you use the same key for signing your apk then your users will be able to update via Market. Just make sure it's not the test keys you're using (by default Eclipse uses the default test keys to sign apks before install them in an emulator).
Once you start using a developer key you can't use any other key to sign the same application (identified by the application's top-level Java package e.g. com.example.myapp).