In recent talk with client, we got an interesting question, if we are able to release new version of application to current users.
We can get certificates for Android Market / App Store, to release application with same signature, but previous supplier is a business enemy, so we want to migrate all users they currently have on the application to our version, via standard update mechanism.
Is this possible? To migrate application to another developer/publisher account and to release an update (which can be completely different, from previous version) so that iTunes/Market update will download and install the new version instead?
I'm looking for solution on both platforms Android Market and Apple App Store, even if it would be necessary to pay some fees and so.
I can only answer for the Android Market:
If you have the release-keys of your old application, you can develop a new application, sign the application with the old key and everybody will be able to upgrade. Of course it will be your job to read the old data, which is saved on the device and transform it to a format which your new app can read, but thats a implementation issue. You will also need access to the google account which was used to upload the application. Google can transfer the account ownership on request.
So: If you got the release-keys, its possible on Android. Otherwise, I'm quite sure that you wont find a solution, you can not upgrade applications if the old and the new version are signed with different keys.
(For android) I have not done this, but without Google's intervention, it would require access to the key that was used to sign the app and the android market account that was used to load the app. If you have those two things, it is possible. Without those, you will probably have to create a new app.
Related
We have the same application for several clients. This application, for security reasons, cannot be published to Google Play, so we distribute it manually to customers.
The problem is that every time there is a new version of the application we have to contact all customers and update all their applications.
Isn't there a way to have private applications on google play and give access to different clients so that they can download the updates for those applications?
I've seen this, but I'm not sure if it behaves like I expect: https://support.google.com/googleplay/android-developer/answer/3131213?hl=en#runtest
Of course you can, there is an internal test app version available in the Play Store where you can upload your app version. Once uploaded you will have a private link available and only the people with access to that link will be able to download the app.
I guess you can publish as a "beta" version of the application https://support.google.com/googleplay/answer/7003180. You can define your clients as beta-testers and app would be visible on market only for them.
I have an approach, Assume you have an .apk file in your website. every customer will download it from here. Now you have to make an API call whenever user will use your application to make sure that they are using the latest version of application by sending the version details to server. If the user is using an older version (This you will get from server/api response) block the screen and redirect them to server to download the new .apk.
You can store the response to a local/DB so they can not use your application in offline mode also.
I've just finished my second react native app and going to release its android version. Should I create a new signing key or I can use my previus project key?
There is nothing that stops you to use one keystore for all apps, but it's not good practice.
With one key, it's easier for you.
With different keys, you can transfer just one of your apps to someone else.
There is no need to create a new signing key. You could use one signing key for every app.
I recently heard a case where a company sold an app to another company, and was more than happy to find out its engineers used separate project keys for all apps; the company basically sold the specific key along with the code and the intellectual property without affecting the rest.
Switching to a new set of keys for an already deployed app is not possible, as it is seemingly tied to the identification of apps for updates, preventing updates from third parties; unfortunately, I do not have a link at hand that documents this.
Android developer site say:
You should sign all of your apps with the same certificate throughout
the expected lifespan of your applications. There are several reasons
why you should do so:
App upgrade: When the system is installing an update to an app, it
compares the certificate(s) in the new version with those in the
existing version. The system allows the update if the certificates
match. If you sign the new version with a different certificate, you
must assign a different package name to the application—in this case,
the user installs the new version as a completely new application.
App modularity: Android allows apps signed by the same certificate to
run in the same process, if the applications so requests, so that the
system treats them as a single application. In this way you can deploy
your app in modules, and users can update each of the modules
independently.
Code/data sharing through permissions: Android provides
signature-based permissions enforcement, so that an app can expose
functionality to another app that is signed with a specified
certificate. By signing multiple apps with the same certificate and
using signature-based permissions checks, your apps can share code and
data in a secure manner.
At these link is another opinion:
I'd recommend using different keystores if they are totally unrelated
apps. If you end up selling one of the apps, you can give away the
corresponding keystore without compromising the security of your other
apps.
We have an app that is running on the app store and has more than a million users. We want to start testing the new app that has a new set of features and total new look and feel. However, we cannot get rid of the old app yet since a million users use that app. Trying to figure out the best go-to-market strategy.
What if we can have both apps out there? One on the app store and another one available as an enterprise build with a different bundle id.
How can I make the app available to download from outside App Store - similar to what SeekingAlpha and Square did? Is there any downside to it?
you can offer current user to try the enterprise build via in-app sign-up option and generate client-id for user. On your cdn/mirror you can only allow authorized cid to download, that way maintaining security and authenticity if its a paid app.
I'm thinking about buying an existing android app from another developer. He has signed other apps not included in the sale with the same signing key as those included in the sale. What if any are the implications of sharing or duplicating the key and us both having a copy so we can update our owned apps? My main concern is can he update my newly purchased app without my permission or access to my developer account or vice versa?
There's a great article/video on how to do an acquisition at Phandroid. It does briefly address the idea of the signing key, but more from the seller's perspective. Regardless, I don't think it will be the worst thing in the world as while he could make a new signed APK of "your" app, he should not be able to publish it to Google Play after it's been transferred to your Google Account. He could try to distribute it through other means, but I wouldn't sweat it too much, especially if you're getting the conditions of the sale in a good contract.
Besides releasing a 'rogue' version of the app, another thing to note is that if the app is using signature permissions or sharedUserId, they could make another app that could potentially access and change data in the original app (via content providers, remote services, etc.) Even if the app is using neither of those, you might decide to add something in the future.
I have developed an Android app which is currently in an open beta phase, which means that each interested user can download the apk from the project's website (http://www.goodnews-mobile.com). I have already provided some updates through the web site and the users had the possibility to gracefully update their current installation without loosing any of the app's data. Now I want to release a new version of this app in the Android Market.
Here is the question: Will the users, who installed the app from the homepage be able to install the new version from the market without needing to uninstall the old version?
From a technical point of view I have ensured everything necessary to provide a graceful update (e.g. using a private key for signature that matches the market rules, maintaining version name and code in the manifest, etc.).
If you use the same key for signing your apk then your users will be able to update via Market. Just make sure it's not the test keys you're using (by default Eclipse uses the default test keys to sign apks before install them in an emulator).
Once you start using a developer key you can't use any other key to sign the same application (identified by the application's top-level Java package e.g. com.example.myapp).