Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Deployment and upload key for Google Play - how to use them with Cordova

Tags:

android

google-play-console

cordova

I have created a Cordova hybrid app and somehow managed to sign them for Google Play, starting the process with two commands:

1. keytool ...
2. cordova run android --release keystore==... password=...

After uploading the signed app on the google console and opting for their upload key, I got access to two certificate files: deployment_cert.der and upload_cert.der, and their "hash-codes". This makes me pretty confused. What should I do with them? How can I use them to sign the app for Google Play? (I only use JavaScript for the project, and Cordova commands. Do I need Java or something?)

What makes me even more perplexed is the fact that I was able to ignore those certificates and launch the app on Google Play using just the original keystore (by repeating the command 2 above). So did I sign the app with the upload key? I don't believe so. And how could I?

like image 349
Coatl Avatar asked Mar 28 '18 23:03

Coatl

1 Answers

When you enrolled your app in the Google Play App Signing program, you let Google create and own the private key that will be used to sign the APKs that get delivered to the end users (i.e. the deployment key).

The private key that you used to sign the APKs you first uploaded to the Play Console is what Play calls the upload key. This is the key that you will need to use to sign all future APKs you upload to the Play Console. What the Play Console does is that it looks at the first APK you upload, extract its certificate, and will verify for every future uploads that the APK uploaded matches the same certificate.

The certificates being displayed in the App signing page are just there for informative purposes. The upload certificate is the certificate associated with the private key you used to sign your APK, and the deployment certificate is the certificate associated with the private key that Play Console created and uses to re-sign the APKs. You only need these hashes if your app uses a third-party API that requires authentication to register your app with that third-party service.

I hope that clarifies it a bit.

The official documentation can be found here: https://support.google.com/googleplay/android-developer/answer/7384423

like image 107
Pierre Avatar answered Nov 15 '22 07:11

Pierre
Sign in to Comment

Related questions

How to draw a line in diagonal direction on a widget android
How many (android) phones really still use hdpi or mdpi?
Set ConstraintLayout width to match parent width programmatically
Firebase No properties to serialize found with object in release mode
TextView inside ConstraintLayout clips text and layout_margin cant not be shown correctly
Cordova Android build error :transformClassesWithDexForDebug FAILED
Error converting bytecode to dex: Cause: default or static interface method used without --min-sdk-version >= 24
Start activity with flag FLAG_ACTIVITY_NEW_TASK, the new activity didn't in new task
How to get an ?attr/ value programmatically
NavigationView Items Padding in Android
getSerial() method on Marshmallow
'Cannot resolve symbol Gson' and it won't allow me to import
React native-fbsdk unknown issue?
Error in rendering and ActionBar Overlay layout
How to create assetlinks.json when website is handled by multiple apps
UnhandledPromiseRejectionWarning: Unhandled promise rejection (rejection id: 1): Error: spawn EACCES Ionic 3
Resources$NotFoundException for XML vector drawable on API 19
setBackgroundTintList for button programmatically with a hex value / ColorDrawable
Remove "this" callback in kotlin
Room query returning Maybe<List> crashes app when returns empty result

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!