
How to sign your app using the upload key


I'm trying to publish my app to the Google Play Store, and I cannot figure out how to sign the app using the upload key, as stated in https://developer.android.com/studio/publish/app-signing.html

I use Android Studio, and I signed the APK using Build -> Generate Signed APK, and created my own key at my own key store path/file. Now, to do the release, I need to use the Google upload key, which confused me. So,

  1. Where can I find my upload key in Google Play Console? Under App signing of this app, I can see the Upload certificate's MD5, SHA-1 and SHA-256, and can even download an upload.pem file. What do I do with it?

  2. Then exactly how do I use Build -> Generate Signed APK in Android Studio to sign it with this so-called upload key?

My app uses Google Sign-In to authenticate users. Right now it works if I just install my own APK. But if I download it from the Google store, it cannot do the Google authentication, for which I assume I screwed up the publication procedure.

FYI, I'm using the "Use Google Play App Signing" process.

Please help.

asked May 23 '17 03:05

Michael




1 Answer

I think I've figured this out...

When you elect to use the Google App Signing process, Google Play CHANGES your uploaded app's signature to the SHA-1 certificate fingerprint of the App signing certificate (as against the Upload certificate). See Figure 1 at this Studio document for the process flow.

[Btw, you can find both of the app's certificates at Google Play Console -> Release Management -> App Signing]

This means that, for OAuth to work, you must create a new OAuth 2.0 credential (at console.developers.google.com) that uses the App signing certificate's fingerprint (as against the Upload certificate's fingerprint) with the same package name.

Your package will now have 2 OAuth credentials, one for production releases, the other for your development/testing. Both will have the same package name; the production credential will use the App signing fingerprint, while the dev/testing credential will use the Upload (or local keystore) fingerprint.

Obviously, you will not know the App signing fingerprint until your app is first deployed to Google Play (GP assigns it). So, the production credential will need to be created after uploading to Google Play for the first time, but prior to clicking "Rollout to Production".

answered Oct 09 '22 02:10

RudyF
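
An added example, not part of the original answer: a Python check that computes the SHA-1 fingerprint of each certificate PEM downloaded from the Play Console and reports which certificate each OAuth client's registered fingerprint matches. The client names and the two PEM bodies are constructed placeholders; substitute the contents of your own upload.pem and App signing certificate.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

# Constructed stand-ins: the base64 bodies are placeholder bytes, not real certificates.
UPLOAD_PEM = "-----BEGIN CERTIFICATE-----\nYWJj\n-----END CERTIFICATE-----\n"
APP_SIGNING_PEM = "-----BEGIN CERTIFICATE-----\naGVsbG8=\n-----END CERTIFICATE-----\n"

def pem_to_der(pem_text):
    """Return the DER bytes of the first certificate in a PEM string."""
    m = PEM_RE.search(pem_text)
    if not m:
        raise ValueError("no CERTIFICATE block found")
    return base64.b64decode("".join(m.group(1).split()), validate=True)

def fingerprint(der, algo="sha1"):
    """Colon-separated upper-case hex digest of the DER-encoded certificate."""
    return ":".join(f"{b:02X}" for b in hashlib.new(algo, der).digest())

def normalize(fp):
    """Make fingerprints comparable regardless of case, colons or spaces."""
    return re.sub(r"[^0-9a-f]", "", fp.lower())

def audit_oauth_clients(clients, upload_pem, app_signing_pem):
    """Map each OAuth client to the certificate its SHA-1 matches.

    Returns (labels, store_ok); store_ok is True only if some client is
    registered with the App signing certificate's fingerprint.
    """
    known = {
        normalize(fingerprint(pem_to_der(upload_pem))): "upload",
        normalize(fingerprint(pem_to_der(app_signing_pem))): "app-signing",
    }
    labels = {name: known.get(normalize(fp), "unknown") for name, fp in clients.items()}
    return labels, "app-signing" in labels.values()

if __name__ == "__main__":
    # Hypothetical client: only the Upload fingerprint is registered (the question's state).
    clients = {"android-dev": fingerprint(pem_to_der(UPLOAD_PEM))}
    print(audit_oauth_clients(clients, UPLOAD_PEM, APP_SIGNING_PEM))
    # After adding a production credential with the App signing fingerprint.
    clients["android-prod"] = fingerprint(pem_to_der(APP_SIGNING_PEM))
    print(audit_oauth_clients(clients, UPLOAD_PEM, APP_SIGNING_PEM))
```

A result of `store_ok == False` corresponds to the symptom in the question: sign-in works for the locally signed build but not for the build delivered by Google Play.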