I'm using Android Studio to build my Android projects and, when I upload my APK to Google Play, it keeps showing me this error in spite of using the same keystore which I used for earlier versions of my app:
Upload failed
You uploaded an APK that is signed with a different certificate to your previous APKs. You must use the same certificate.
Your existing APKs are signed with the certificate(s) with fingerprint(s):
[ SHA1: 89:2F:11:FE:CE:D6:CC:DF:65:E7:76:3E:DD:A7:96:4F:84:DD:BA:33 ]
and the certificate(s) used to sign the APK you uploaded have fingerprint(s):
[ SHA1: 20:26:F4:C1:DF:0F:2B:D9:46:03:FF:AB:07:B1:28:7B:9C:75:44:CC ]
You can't change the signature of your apk uploaded to the play store, you'll need to use the same signature as before. If you do change the signature of your app and try to upload it you will get an error telling that the same application was found but with a different signature.
Google Play will not accept a debug version of your .apk file. You can only upload an .apk compiled as release version. Additionally it must be signed with your Android Developer key, which happens in the same step, at least if you're using Eclipse.
Assuming you're using 'Build > Generate Signed APK' in Android Studio and assuming you're using Gradle, you will now have to configure Gradle to sign your apk. The reason being that button in Android Studio doesn't run 'gradle assembleRelease' which would make your apk non-debuggable.
You can only upload an .apk compiled as release version. Additionally it must be signed with your Android Developer key, which happens in the same step, at least if you're using Eclipse. Make sure you distribute an .apk file which is your Signed Release version, as described here:
AFAIK, since 1st August onwards you have to upload OBB for the first time upload but you can still upload APK for existing releases. More: android-developers.googleblog.com/2021/06/…
You have to upload AAB (Android app bundle).
Firstly, it's unlikely that Google Play is wrong here. Are you sure you didn't use your debug key by mistake?
You should double-check which certificates the old APK and new APK contain, with the commands:
jarsigner -verify -verbose:summary -certs old.apk
jarsigner -verify -verbose:summary -certs new.apk
This shows you information about the files signed in each APK, like this:
sm 4642892 Thu Apr 17 10:57:44 CEST 2014 classes.dex (and 412 more)
    X.509, CN=My App, O=My Company, C=DE, L=Köln
    [certificate is valid from 11/11/13 12:12 to 29/03/41 12:12]
    [CertPath not validated: Path does not chain with any of the trust anchors]
If the new APK says X.509, CN=Android Debug, O=Android, C=US, then you have signed the APK with your debug key instead of the original release key.
If the X.509 identity strings are otherwise different, or the certificate dates are different between the two APKs, you've just confirmed that you did not use the same signing key for both APKs.
You can ignore any "CertPath not validated" message; it's not relevant in this case.
If the certificate information is different, you need to find the original keystore, i.e. the file with the first SHA1 value that Google Play told you.
Search through all the keystore files you can find until you have the one with the correct SHA1 fingerprint:
keytool -list -keystore my-release.keystore
If you cannot find the original keystore, you will never be able to publish any updates to this particular app.
Android mentions this explicitly on the Signing Your Application page:
Warning: Keep your keystore and private key in a safe and secure place, and ensure that you have secure backups of them. If you publish an app to Google Play and then lose the key with which you signed your app, you will not be able to publish any updates to your app, since you must always sign all versions of your app with the same key.
After the first release of an APK, all subsequent releases must be signed with the exact same key.
No. This is not possible. The APK only contains public information, and not your private key information.
No. Even if you do find the original, you can't sign an APK with key A, then sign the next update with both keys A and B, then sign the next update with only key B.
Signing an APK (or any JAR file) with multiple keys is technically possible, but Google Play does not accept APKs with multiple signatures.
You will have to build your app with a new application ID (e.g. change from "com.example.myapp" to "com.example.myapp2") and create a brand new listing on Google Play.
Possibly you will also have to change your code so that people can install the new app even if they have the old app installed, e.g. you need to make sure that you don't have conflicting content providers.
You will lose your existing install base, reviews etc., and will have to find a way to get your existing customers to uninstall the old app and install the new version.
Again, ensure you have backups of the keystore and password you use for this version.
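The keystore search described in the answer above, as an added shell example that is not part of the original posts: it runs keytool over candidate keystore files and prints the ones that contain the SHA1 fingerprint Google Play lists for the existing APKs. The function names and the KS_PASS environment variable are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original posts). Function names and the
# KS_PASS variable are assumptions of this sketch.

# Normalise a fingerprint: strip colons and whitespace, upper-case the hex.
norm_fp() {
    printf '%s' "$1" | tr -d ': \t\r\n' | tr 'a-f' 'A-F'
}

# Read keytool output on stdin and print each SHA1 fingerprint as 40 hex
# digits, one per line. Accepts the verbose "SHA1: .." layout and the older
# "Certificate fingerprint (SHA1): .." layout; SHA256 lines are ignored.
sha1_from_keytool() {
    grep -Eo 'SHA-?1\)?:[[:space:]]*([0-9A-Fa-f]{2}:){19}[0-9A-Fa-f]{2}' |
        sed 's/^[^:]*:[[:space:]]*//' | tr -d ':' | tr 'a-f' 'A-F'
}

# Succeed if the keytool output on stdin contains fingerprint $1.
has_fingerprint() {
    _want=$(norm_fp "$1")
    # Reject anything that is not a full 20-byte SHA1 value.
    printf '%s' "$_want" | grep -Eq '^[0-9A-F]{40}$' || return 2
    sha1_from_keytool | grep -qx "$_want"
}

# find_keystore FINGERPRINT FILE...
# Prints every keystore file that holds the wanted certificate.
# -v makes keytool print the SHA1 value (newer JDKs show only SHA-256
# without it). The password comes from $KS_PASS via -storepass:env so it
# does not appear in the process list; a keystore that the password does
# not open produces no listing and is skipped.
find_keystore() {
    _fp=$1; shift
    _rc=1
    for _ks in "$@"; do
        if keytool -list -v -keystore "$_ks" -storepass:env KS_PASS \
            2>/dev/null | has_fingerprint "$_fp"; then
            printf '%s\n' "$_ks"
            _rc=0
        fi
    done
    return "$_rc"
}

# Usage, with the fingerprint Google Play reported for the existing APKs:
#   export KS_PASS   # set beforehand, e.g. read from a prompt
#   find_keystore '89:2F:11:FE:CE:D6:CC:DF:65:E7:76:3E:DD:A7:96:4F:84:DD:BA:33' ~/keystores/*
```

The function returns non-zero when none of the files match, so it can be used directly in a build or release script as a pre-upload check.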