I developed an android project for a customer which I signed with my own generated keystore.
Now I'd like to hand over the project to a different developer; (how) is it possible for him to sign the app and submit it to the market - without my keystore? Can I generate a file for him or how does that work?
Thanks a lot!
Signing Your Applications is detailed in the Android documentation:
Application upgrade – As you release updates to your application, you
will want to continue to sign the updates with the same certificate or
set of certificates, if you want users to upgrade seamlessly to the
new version. When the system is installing an update to an
application, it compares the certificate(s) in the new version with
those in the existing version. If the certificates match exactly,
including both the certificate data and order, then the system allows
the update. If you sign the new version without using matching
certificates, you will also need to assign a different package name to
the application — in this case, the user installs the new version as a
completely new application.
This basically means that any developer will need to sign updates with your keystore, or users won't be able to install the new version.
You can modify the passwords for your keystore, but generating a new keystore will cause problems for your users. If you generate a new keystore, you'll have to remove the app from the Market and submit a new version. Existing users will not be able to upgrade - they'll need to uninstall and install the new version.
If you want to give him your keystore, that is possible; for that you need to give him its details, like the alias name, password, etc.
Another developer can create his own keystore his own way.
Application signing gives you the possibility to make updates to the application. If the application v1.0 is signed with one certificate and application v1.1 is signed with a different certificate - your users won't see the update notification, it will appear like a new application. Who should own the keystore is not as important as the fact that every update must be signed with the same certificate. In fact, the owner of the certificate must be the publisher: if you're the publisher - sign it with your certificate, if the customer publishes the application - sign it with his certificate. Hope this helps.
Related
My org android app is signed with 2 Keystore files. So while doing app signing on Play Store, I am getting the following message
Your app cannot be enrolled into App Signing because of the following reasons:
We do not support enrolling apps signed with multiple keys
So, I want to know if there is any way to move from 2 certificate signings to 1 certificate while keeping the same app in the Play Store.
Unfortunately it is not possible today.
For app updates to work, the Android framework requires that the app be signed by the same certificates, so it is not possible to change the certificates. The only option would be to create a new app (i.e. new package name).
Android has introduced key rotation, which could possibly help with this situation, but it is unfortunately not supported by Play to this day.
Hi,
Yesterday I published an app on the Play Store. I made a big mistake: I signed the app with debug.keystore, so the map is not shown when the app is published.
To solve this, I re-signed the app with a new keystore and generated a new map key (with a new SHA1).
But the problem is that I can't publish the new APK now; they said (The apk must be signed with the same certificates).
What can I do now?
You have to use the same certificate when you update your apk or Google Play won't recognize it as the same app.
From Google documentation
Application upgrade – As you release updates to your application, you must continue to sign the updates with the same certificate or set of certificates, if you want users to be able to upgrade seamlessly to the new version. When the system is installing an update to an application, it compares the certificate(s) in the new version with those in the existing version. If the certificates match exactly, including both the certificate data and order, then the system allows the update. If you sign the new version without using matching certificates, you must also assign a different package name to the application — in this case, the user installs the new version as a completely new application.
Source: http://developer.android.com/tools/publishing/app-signing.html
Similar info also here in Android developer blog: http://android-developers.blogspot.com.au/2011/06/things-that-cannot-change.html
Just as important as the manifest package name is the certificate that application is signed with. The signing certificate represents the author of the application. If you change the certificate an application is signed with, it is now a different application because it comes from a different author. This different application can’t be uploaded to Market as an update to the original application, nor can it be installed onto a device as an update.
[...]
In conclusion: There are some parts of your application that can not change. Please be careful.
So I'm afraid you can't do much in this case.
I want to upload an APK signed with a different keystore after deactivating the current APK.
Actually, the company lost the old keystore that was used to sign the APK.
So is there any other way to get the old keystore back, or to upload the new APK as an update of the same app?
For this issue here is the answer from Google Play Team:
Hi x,
Thank you for your note.
If you've lost your keystore you'll have to publish the app with a new package name and a new key. You should also update the description of the original app and unpublish it. Please note that users are allowed unlimited reinstalls of each application distributed via Google Play, an application will remain available to users that have already installed it even after it has been unpublished. Currently we do not support the deletion of apps or the re-use of package names.
Unfortunately, there is nothing else we can do to assist you further with this matter.
Regards,
The Google Play Team
Here is Reference
As blackbelt stated, if you signed it with a different keystore, it will be a new application. So you should tell your users that they have to download the new version of the app.
However you could check this tool which will try to recover your private key with the alias. I don't guarantee that you could retrieve it but you could give a try.
The tool recovers the key for your alias. By default this is the same
like the keystore password. Now there is an option to save
the key in a new keystore with the same password than the key! You can
use this, to sign your apk and update your app in the Playstore.
Here's the link :
https://code.google.com/p/android-keystore-password-recover/
I want to upload my application on playstore. I already have another application published. Is it necessary that I use the same keystore that my first application so the same package name, or can I use another keyStore? In fact I tried with a new keystore and I'm still stuck at Price and availability of the application (error)
In general, the recommended strategy for all developers is to sign all of your applications with the same certificate, throughout the expected lifespan of your applications. There are several reasons why you should do so:
Application upgrade – As you release updates to your application, you must continue to sign the updates with the same certificate or set of certificates, if you want users to be able to upgrade seamlessly to the new version. When the system is installing an update to an application, it compares the certificate(s) in the new version with those in the existing version. If the certificates match exactly, including both the certificate data and order, then the system allows the update. If you sign the new version without using matching certificates, you must also assign a different package name to the application — in this case, the user installs the new version as a completely new application.
Application modularity – The Android system allows applications that are signed by the same certificate to run in the same process, if the applications so requests, so that the system treats them as a single application. In this way you can deploy your application in modules, and users can update each of the modules independently if needed.
Code/data sharing through permissions – The Android system provides signature-based permissions enforcement, so that an application can expose functionality to another application that is signed with a specified certificate. By signing multiple applications with the same certificate and using signature-based permissions checks, your applications can share code and data in a secure manner.
For more see Signing Your Applications
You can use a different keystore for different apps. But to update an existing app you must use the same keystore. For details about publishing see the doc here
You must use the same keystore because all the information, like the number of downloads etc., will be lost if you use another keystore.
Also, if you upload the same app with another keystore while the existing app is there, it will give an error for having the same package name.
Try to use the same keystore and change the version of the app. That will be beneficial for you.
I would like to update my app using the same package name but different signing certificate (consultants made first version and I don't have their certificate info). If I unpublish and then upload the new apk, will existing users be able to do an easy update or will users have to uninstall and download a new app?
This is not possible. The keystore contains a certificate which is used to digitally sign your apk. Each certificate is completely unique, and cannot be regenerated or recovered from older apks.
Google relies on this because it is extremely secure, and allows them to really reduce the chances that someone can hack your developer account details and upload a malicious apk as an update to your existing app.
For now, you'll have to reupload the app under a different package name with a different key, and somehow inform users that you have changed the app details.
When you unpublish the app, new users will no longer be able to see it, but older users will still have it installed and will be able to see it in Google Play.
They will have to download a new app.
Only if you have the original certificate is it possible to let users update the existing app.
See: Publishing Updates on Android Market
Before uploading the updated application, be sure that you have
incremented the android:versionCode and android:versionName attributes
in the <manifest> element of the manifest file. Also, the package name must be
the same and the .apk must be signed with the same private key. If the
package name and signing certificate do not match those of the
existing version, Market will consider it a new application and will
not offer it to users as an update.
also see this post:
Fraid not. The Play Store requires an updated app to have the same package name and the same certificate.
If you need to create a new certificate you would have to publish it as a new app with a different package name and upload this version to the market.
You would then have to tell existing users that in order to get the update they should download the new version from the play store and remove the existing app from the device.
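The update rule quoted in the answers above (same package name, identical certificates in the same order, incremented versionCode), written out as an added example that is not part of any original post or of Android's own code. The `Release` type, `classify_upload` function, the `com.example.app` package name and the certificate byte strings are constructed for illustration, and the model follows only the rule as quoted on this page.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Release:
    package: str
    version_code: int
    signer_certs: tuple  # DER-encoded signing certificates, in signing order


def fingerprints(release):
    """SHA-256 fingerprint of each signing certificate, order preserved."""
    return [hashlib.sha256(cert).hexdigest() for cert in release.signer_certs]


def classify_upload(published, candidate):
    """Apply the quoted rule and return (verdict, reason)."""
    if candidate.package != published.package:
        return ("new_app", "different package name: installs beside the old app")
    old, new = fingerprints(published), fingerprints(candidate)
    if old != new:
        if sorted(old) == sorted(new):
            return ("rejected", "same certificates but in a different order")
        if set(old) & set(new):
            return ("rejected", "certificate set changed (signer added or dropped)")
        return ("rejected", "signed with a different certificate")
    if candidate.version_code <= published.version_code:
        return ("rejected", "versionCode was not incremented")
    return ("update", "package and certificates match exactly")


# Constructed placeholder bytes standing in for DER certificates (assumption).
ORIGINAL_CERT = b"constructed-cert: original developer keystore"
SECOND_CERT = b"constructed-cert: second organisation keystore"
NEW_DEV_CERT = b"constructed-cert: new developer keystore"

# Constructed published release, signed with two certificates.
PUBLISHED = Release("com.example.app", 3, (ORIGINAL_CERT, SECOND_CERT))

if __name__ == "__main__":
    candidates = {
        "same keystores, v4": Release("com.example.app", 4, (ORIGINAL_CERT, SECOND_CERT)),
        "signers swapped": Release("com.example.app", 4, (SECOND_CERT, ORIGINAL_CERT)),
        "one signer dropped": Release("com.example.app", 4, (ORIGINAL_CERT,)),
        "new developer's key": Release("com.example.app", 4, (NEW_DEV_CERT,)),
        "new key, new package": Release("com.example.app2", 1, (NEW_DEV_CERT,)),
    }
    for label, release in candidates.items():
        print(label, "->", classify_upload(PUBLISHED, release))
```
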