 

Android App Sign issue with new update: apk that is not signed with the upload certificate

Recently I uploaded an app to the Play Store, which is live now, and I have enabled app sign in too. But when I tried to upload a new build, I couldn't find my old keystore. So when I generate a new keystore and try to upload, I am getting this error:

you uploaded an apk that is not signed with the upload certificate. You must use the same certificate.

Please have a look at my developer console, which has both the upload certificate and the app signing certificate.


How to get the apk signed with same fingerprint and upload to play-store?

Ref: https://support.google.com/googleplay/android-developer/answer/7384423?hl=en

If you lose your keystore or think it may be compromised, Google Play App Signing makes it possible to request a reset to your upload key. If you're not enrolled in Google Play App Signing and lose your keystore, you'll need to publish a new app with a new package name.

Note: There are many questions related to KeyStore on Stack Overflow, but this is something related to the new feature from Google, "App Signing", and I'm not getting any suitable answer.

I have contacted Google and their response is not confirming anything. Please find below the message from Google.

I'm sorry for the confusion, however I can see for your app (with package name: com.wma.foodinns.foodinnsapp), you have successfully registered your upload key with Google and have therefore successfully generated an upload key. The upload key you generated and then used to register is the key you should still have on your side and should be used to sign your APKs when uploading new APKs for this app to the Play Console.

The certificate you can download from the Play Console is not the full upload key, but contains the public key as well as some extra identifying information about who owns the key (for more information on this, please see the definitions listed here: https://support.google.com/googleplay/android-developer/answer/7384423?hl=en&ref_topic=7072031).

Do you still have the key you have created that was then registered as the upload key on the Play Console?

Siba Prasad Hota asked Aug 09 '17 20:08




2 Answers

Finally, Google helped me to get this resolved. I wrote an email describing the issue and then, after getting their response, followed the steps below.

  1. I created a new keystore.
  2. Exported the certificate for that key to PEM format:
     keytool -export -rfc -alias upload -file upload_certificate.pem -keystore keystore.jks
  3. Replied to their email and attached the upload_certificate.pem file.
  4. Then Google sent an email saying they have updated my keystore and I can use the same after 3 to 4 days.
  5. I used the newly generated keystore and then generated the signed APK, which was successfully uploaded to the Play Store.

    Below is the list of locations needed to update the keystore

    1. Local machine
    2. Locked on-site server (varying ACLs)
    3. Cloud machine (varying ACLs)
    4. Dedicated secrets management services
    5. (git) repos
Siba Prasad Hota answered Oct 13 '22 10:10


Since you are using the Google app signing program, you can request to reset your upload key. For that you need to contact Google, as shown in the screenshots below:


Contact Us -> Publishing apps on Google Play -> Application signature certificate & keystore issues -> To request a reset to your upload key, contact us


AndroidLearner answered Oct 13 '22 10:10