Different signatures of apk - android

I made an application on android and published it on the play store. I signed my apk with a new private key.
Last week, I wanted to update my application with my new features. So I exported my new apk with the same private key previously created. Then I published and playstore accepted it.
But on the play store in my phone, the application cannot be updated. I have to uninstall it before and if I do that, I will lose my data.
So my question is, how can I make an updatable apk on the google play store?

You can't change the signature of your apk uploaded to the play store, you'll need to use the same signature as before. If you do change the signature of your app and try to upload it you will get an error telling you that the same application was found but with a different signature.
If you manually send your users an app (mail for example) with a changed signature they will have to uninstall the current app before they can install the same app with the new signature. Users will lose their application data doing this! This is a safety mechanism, so hackers/bad people can't change your apk and get the user data in that way.
The Android system uses the signature to check if the application is really an update for the existing one on your phone. Because only you know your signature password and stuff, hackers can't use it in their fake app updates for example.
Summary: Always use the same signature!
Check: http://developer.android.com/tools/publishing/app-signing.html
Edit: As said by #HandlerExploit
Probably you have your "non market version/debug version" of the app still installed on your phone, a debug version of the app is always signed with a default debug signature. This signature is different from the one on the market.

Most likely you installed your application with your computer's default debug signature during development, you will need to uninstall it before installing your new market version.

Not incrementing your version number in the manifest will also have this effect. Make sure the android:versionCode="1" is different in each version. Also including the exact error message, if it exists, may help.
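
An added example, not part of any answer above: a shell check that reads saved `apksigner verify --print-certs` and `aapt dump badging` output for the installed and the new APK and reports which of the conditions named in these answers (package name, signing certificate, versionCode) blocks the update. The file names, package name and digests are constructed, and the comparison assumes the APKs use no signing-key rotation.

```shell
#!/bin/sh
# Inputs are saved tool outputs (both tools ship with the Android SDK build-tools):
#   apksigner verify --print-certs app.apk > app.certs
#   aapt dump badging app.apk > app.badging

# Signer SHA-256 digest(s) from apksigner output on stdin, lowercased and sorted.
signer_digests() {
  sed -n 's/^Signer #[0-9][0-9]* certificate SHA-256 digest: *//p' | tr 'A-F' 'a-f' | sort -u
}

# One attribute (name or versionCode) from the "package:" line of aapt output on stdin.
badging_field() {
  sed -n "s/^package:.* $1='\([^']*\)'.*/\1/p" | head -n 1
}

# Args: OLD.certs OLD.badging NEW.certs NEW.badging
# Prints "ok" or the first check that stops NEW from updating OLD.
update_verdict() {
  old_sig=$(signer_digests < "$1"); new_sig=$(signer_digests < "$3")
  old_pkg=$(badging_field name < "$2"); new_pkg=$(badging_field name < "$4")
  old_vc=$(badging_field versionCode < "$2"); new_vc=$(badging_field versionCode < "$4")
  for v in "$old_sig" "$new_sig" "$old_pkg" "$new_pkg" "$old_vc" "$new_vc"; do
    [ -n "$v" ] || { echo "unparsed-input"; return 0; }
  done
  if [ "$old_pkg" != "$new_pkg" ]; then echo "different-package"
  elif [ "$old_sig" != "$new_sig" ]; then echo "different-certificate"
  elif [ "$new_vc" -le "$old_vc" ]; then echo "versioncode-not-incremented"
  else echo "ok"; fi
}

# Constructed sample outputs (package name and digests are made up).
d=$(mktemp -d); trap 'rm -rf "$d"' EXIT
rel=$(printf '%064d' 0 | tr 0 a)   # stands in for the release certificate digest
dbg=$(printf '%064d' 0 | tr 0 b)   # stands in for the debug certificate digest
mk() {  # mk NAME DIGEST VERSIONCODE -> writes NAME.certs and NAME.badging
  printf 'Signer #1 certificate DN: CN=constructed\n' > "$d/$1.certs"
  printf 'Signer #1 certificate SHA-256 digest: %s\n' "$2" >> "$d/$1.certs"
  printf "package: name='com.example.app' versionCode='%s' versionName='1.0'\n" "$3" > "$d/$1.badging"
}
mk store "$rel" 1; mk debug "$dbg" 2; mk update "$rel" 2; mk stale "$rel" 1

check() { update_verdict "$d/$1.certs" "$d/$1.badging" "$d/$2.certs" "$d/$2.badging"; }
echo "store -> update: $(check store update)"
echo "debug -> update: $(check debug update)"
echo "store -> stale:  $(check store stale)"
```

The `debug -> update` case is the one described in the answers above: a debug-signed build left on the phone has a different certificate digest than the store build, so the store update is refused until the debug build is uninstalled.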

Related

Can an APK be signed with another APK's signature?

I own an Android app but unfortunately an SSD disk issue happened and I lost all my app's project files.
I have re-coded my app but updates aren't getting pushed to my app users anymore through my app's in-app updater... And if I send them the APK file they get "App not installed".
And it turned out at the end that the issue is that the current users have my app installed with a different signature than the new re-coded app's signature.
So my question: Can I sign the new APK with the old APK's signature? Or is it possible to extract the keystore/signature of the old APK and put it into the new APK?
Note: I know that my app users can uninstall the current app and install the new one, but the app data for each user shouldn't be removed.
If what you want to do was possible, anyone could decompile, modify and redistribute any app; therefore it isn't possible. The OS will treat APKs with different signatures like different apps. The only way I know to use a new key for upgrades is if you used App Signing by Google Play.
Otherwise, you will have to ask your users to migrate to the new app manually.
If you want to use a different app signature, you can. For that you need to write mail to google and need to send them details they require.
You can find answer here
I lost my .keystore file?

Re-use the app id in Play Store after losing keystore file

I have a little issue where I created an Android release build from my Ionic project. I've signed the app in the platform/android/build/outputs/apk folder, so my keystore file also was there. Then I noticed a bug, rebuilt the app but I figured the folder gets cleared at each build. As a result I don't have my keystore file anymore and I'm unable to add an update to the Play Store. I've unpublished the previous version but now I'm unable to use my app id as it is used by the unpublished version.
So right now I see three options:
Is there a way to change the app id from the unpublished app? (all related info I've read says no)
Is there an alternative way to use the same app id? (I would not like to have different app ids for iOS and Android)
As a final option I could use com.mydomain.app as the iOS id and use e.g. com.mydomain.android (and I've moved my signing process to a different folder outside the Ionic project) but is there a way to keep this release-friendly (meaning, is there a way to specify platform specific app ids in Ionic config.xml or other file)
How do you guys handle stuff like this? I suppose I'm not the first random guy this has happened to.
Edit: I found that I'm not the first random guy this has happened to. Which makes option 3 easier to accept if option 1 will never work.
No this is not possible, mentioned clearly in the google doc.
If you lose your keystore, you'll need to publish a new app with a new package name.
If you have lost your app signing key, you cannot upgrade your app; that is the reason Google came up with a new feature, "app signing by Google Play", where Google keeps your signing key, but when you upload your app you need to sign your app with a key (Upload Key), then Google verifies your signature, removes the signature, and then Google re-signs the APKs with the original app signing key you provided and delivers your app to the user. The benefit of this feature is that if you lose your "Upload Key", you can request to reset it from Google, and you will be provided with a new "upload key", which you will use for signing the app, and Google will re-sign your app using the main key it has been keeping since the start.
So I will suggest you enrol for this feature this time, to avoid an issue in future in case you lose your signing key again.
As others have mentioned, this is not possible outside the scope of App Signing by Play.
However, if your app has not been installed by anyone from the Play Store (except yourself), you can request your app to be deleted, which would allow you to recreate a new app with the same package name.
App Id in a sense is just like a domain name, you can not have more than one as long as you are to upload the application on Google Play.
The only option for you is to create a new build with a different App id.

Change the key for signing in Android

The Android documentation here states:
You must use the same key to sign future versions of your application. If you republish your app with a new key, Google Play will consider it a new app.
There is also a link to this blog that again claims that you can publish an app with the same package name and a different key for the signature although the user will have to eventually uninstall the version signed with the old key.
However when I try to publish an application that I signed with a key that is not the same that was used the first time the application was published I get an error:
You uploaded an APK that is signed with a different certificate to your previous APKs. You must use the same certificate
I have also found the answer here that states that you can't.
So the question is: is it possible, and if not, why do the Android docs say something different?
Technically you can use a different certificate. You just cannot upload it to Google Play if the certificate is different to a previously uploaded one.
Nothing stops you installing the apk manually though after uninstalling the one with a different signature.
You cannot sign with a different key. They won't let you upload it. I don't see where in this blog entry it says you can upload with a different certificate. It seems to be listed under "Things that cannot change."
Just as important as the manifest package name is the certificate that application is signed with. The signing certificate represents the author of the application. If you change the certificate an application is signed with, it is now a different application because it comes from a different author. This different application can’t be uploaded to Market as an update to the original application, nor can it be installed onto a device as an update.

Google Play Upload Failed

I was recently hired to rewrite an existing Android project. The old project was published to Google Play, but I do not have access to the source files or the certificate that was used to sign it.
I finished my project, but I'm unable to publish it as a replacement for the old version because I signed mine with a different certificate. Google Play is also complaining because I used a different package name than the original project.
Is there any way around these roadblocks?
It is a new application from Google Play's perspective. So you can only publish it as a new application.
As you changed its package name, the only option you have is to publish it as a new app on Google Play.
It's a different app if it has a different package name; this is fundamental to Android. Package names are how you refer to a specific app in code and how you search for a specific app, among other things. If you want it to be the same app, keep the same package name!
If it is signed with a different certificate, it can't be installed as an upgrade. This is presumably so you can't install an app with the same package name as another app and read its private data — you have to delete the app (and its data) first (the benefit is limited, of course: you can uninstall the real app and install a lookalike malicious app and steal the user's data that way). This is a bit of a limitation in Android (it doesn't handle certificate expiry, for one) and might be fixed at some point, but I don't expect it to happen any time soon.
I've been in the same situation before — the original developer lost the signing key for one app but not the other. We changed the package name and released it as a new app.

Android Market - different signing certificate

I would like to update my app using the same package name but different signing certificate (consultants made first version and I don't have their certificate info). If I unpublish and then upload the new apk, will existing users be able to do an easy update or will users have to uninstall and download a new app?
This is not possible. The keystore contains a certificate which is used to digitally sign your apk. Each certificate is completely unique, and cannot be regenerated or recovered from older apks.
Google relies on this because it is extremely secure, and allows them to really reduce the chances that someone can hack your developer account details and upload a malicious apk as an update to your existing app.
For now, you'll have to reupload the app under a different package name with a different key, and somehow inform users that you have changed the app details.
When you unpublish the app, new users will no longer be able to see it, but older users will still have it installed and will be able to see it in Google Play.
They will have to download a new app.
Only if you have the original certificate is it possible to let users update the existing app.
See: Publishing Updates on Android Market
Before uploading the updated application, be sure that you have
incremented the android:versionCode and android:versionName attributes
in the element of the manifest file. Also, the package name must be
the same and the .apk must be signed with the same private key. If the
package name and signing certificate do not match those of the
existing version, Market will consider it a new application and will
not offer it to users as an update.
also see this post:
Fraid not. The play store requires an updated app to have the same package name and the same certificate.
If you need to create a new certificate you would have to publish it as a new app with a different package name and upload this version to the market.
You would then have to tell existing users that in order to get the update they should download the new version from the play store and remove the existing app from the device.
