Android Question Google Play App Signing - A Definitive Guide

RichardN

I have updated several apps on the store recently but have not submitted a new app to the Google Store since long before the requirement for signed App Bundles was introduced. I have been using the same .keystore since 2014 so I am well behind the times.

When the requirement came in a couple of years ago, several contributors produced their own 'How To' for app signing, but with various developments the forum now contains contradictory information. That confuses the poor programmer... let alone a beginner to B4A. Somewhere in the middle of all this B4A was updated to produce App Bundles.

Do I use my original keystore? Or does the encryption demand more complexity? Does signing up to app signing with the Play Store mean it will apply to my existing apps?

The forum search facility is great but also brings up a lot of stuff that is well out of date. Is there a definitive reference on how to do this?
 

mcqueccu

1. Check your old keystore file by going to TOOLS->PRIVATE SIGN KEYS.
If it is using DSA like below then NOT ACCEPTED FOR NEW APPS.

Signature algorithm name: SHA1withDSA
Subject Public Key Algorithm: 1024-bit DSA key


2. New apps must use a 2048-bit RSA key and algorithm like below. Create a new keystore with the B4A IDE.

Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key

Therefore, all your new apps will use this keystore going forward.
 
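One way to script the check described in the post above, as an added example that is not part of the thread: it reads text in the format quoted there (the fields `keytool -list -v` prints) and reports whether the key meets the stated requirement. `my.keystore` is a placeholder name, and accepting RSA keys larger than 2048 bits and warning on SHA-1/MD5 digests are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): classify `keytool -list -v` output.
# With a real keystore: keytool -list -v -keystore my.keystore | check_keystore_report
# Assumption: RSA keys larger than 2048 bits are treated as acceptable too.
# Only the first certificate in the listing is examined.

check_keystore_report() {
    # Read the verbose listing from stdin; drop CRs from Windows consoles.
    report=$(tr -d '\r')
    sig=$(printf '%s\n' "$report" |
        sed -n 's/^[[:space:]]*Signature algorithm name:[[:space:]]*//p' | head -n 1)
    key=$(printf '%s\n' "$report" |
        sed -n 's/^[[:space:]]*Subject Public Key Algorithm:[[:space:]]*//p' | head -n 1)
    if [ -z "$sig" ] || [ -z "$key" ]; then
        echo "UNKNOWN: signature/key fields not found in input"; return 2
    fi
    bits=${key%%-bit*}   # "2048-bit RSA key" -> "2048"
    alg=${key#*-bit }    # -> "RSA key"
    alg=${alg%% *}       # -> "RSA"
    case $bits in
        ''|*[!0-9]*) echo "UNKNOWN: cannot parse key size from '$key'"; return 2 ;;
    esac
    if [ "$alg" != "RSA" ]; then
        echo "REJECT: $bits-bit $alg key ($sig), new apps need an RSA key"; return 1
    fi
    if [ "$bits" -lt 2048 ]; then
        echo "REJECT: RSA key is only $bits bits, need 2048"; return 1
    fi
    case $sig in
        SHA1with*|MD5with*) echo "WARN: $bits-bit RSA key but weak digest in $sig"; return 3 ;;
    esac
    echo "OK: $bits-bit RSA key, $sig"
}

# Constructed samples: the two field pairs quoted in the post above.
DSA_SAMPLE='Signature algorithm name: SHA1withDSA
Subject Public Key Algorithm: 1024-bit DSA key'
RSA_SAMPLE='Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key'

printf '%s\n' "$DSA_SAMPLE" | check_keystore_report || true
printf '%s\n' "$RSA_SAMPLE" | check_keystore_report || true
```

The function's exit status (0 OK, 1 reject, 2 unparseable, 3 warning) lets a build script stop before signing with a key that does not meet the requirement.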

JohnC

I would first save the current DSA to a file so you can use them for any existing projects that you might still want to release updates for in an APK form for sideloading.

Then I would create a new RSA key and save it to a different file.

And then I think you can use compiler directives to specify which key to use for each project.
 