Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Android APK built from android studio and console have different SHA fingerprints

While building signed release APK I've come across the following: if I build signed apk from android studio (via Build -> Generate Signed APK...) with build.gradle file like this (only relevant parts):

signingConfigs {
    release {
        storeFile file('/keystore/location/mykeystore.keystore')
        storePassword 'storepassword'
        keyAlias 'key'
        keyPassword 'keypassword'
    }
}
buildTypes {
    release {
        signingConfig signingConfigs.release
    }
}

The resulting apk fingerprint is YY:YY.
However, if I build my APK from console as described here with build.gradle like this:

buildTypes {
    release {
    }
}

And sign it with the same keystore file, the resulting apk fingerprint is XX:XX.

Also, both SHA fingerprints are different from my debug certificate SHA fingerprint. What's the cause of such behaviour?

I'm using buildToolsVersion 23.0.0
android studio gradle version 1.3.0
android sdk tools version 24.3.4
android studio version 1.3.1

like image 889
Mikhail Avatar asked Aug 24 '15 13:08

Mikhail


People also ask

How to get SHA1 certificate fingerprint in Android Studio?

Click on Your Project (Your Project Name form List (root)) Click on Tasks. Click on Android. Double Click on signingReport (You will get SHA1 and MD5 in Run Bar(Sometimes it will be in Gradle Console))

How to get SHA-1 certificate fingerprint?

Open a terminal and run the keytool utility provided with Java to get the SHA-1 fingerprint of the certificate. You should get both the release and debug certificate fingerprints. Note: When using Play App Signing, the upload key certificate will be different than the app signing key certificate.

What is SHA1 certificate fingerprint?

SHA-1 is most often used to verify that a file has been unaltered. This is done by producing a hash value(hash value is produced by running an algorithm, called a cryptographic hash function), before the file has been transmitted, and then again once it reaches its destination.


1 Answers

Did you check the contents of the keystore? The fingerprint has to match one of the certificates. It is possible to have multiple certificates in your keystore, perhaps a different one is being used during signing from the console? You can check the certificates by running the following command:

keytool -v -list -keystore /path/to/keystore

enter the password for the keystore and you should get a list of the aliases. I'd also check the debug keystore to make sure there aren't other certificates there.

The only other possibility I can think of is a path issue that is causing a different keystore to be used.

like image 195
Jim Baca Avatar answered Nov 15 '22 06:11

Jim Baca