Android Question Google Play app signing

Roger Taylor

Member
Licensed User
Longtime User
This pertains to the new >August 2021 Google Play app signing scheme that you can opt into, which I did.

The B4A IDE needs to automate all steps to creating an "upload key" for the Google Play Console where we upload our packages (now called Bundles). Google apparently signs the app using our upload key, certificate or whatever they want to call it, but I don't have it, I don't know how to generate one, etc.

I've been a coder for 35 years and I have to admit that this private/public/key/certificate crap is a nightmare. If the B4A IDE isn't helping me any, then I'll have no choice but to migrate completely to the dreaded but much used Android Studio. I want to keep using B4A but B4A needs to keep up with the times! Generate keys for us, save them whereever you like, but sign my app from the IDE automatically with whatever Google Play EXPECTS. I cannot believe I've been sitting here for 3 days googling how to do all of this and all I find is "keytool" examples and CLI commands that nobody on this planet could have figured out on their own in a short time. I now have an older APK app that has been removed by Google due to "non compliance" because I can't get B4X to generate what Google needs. It's ridiculous guys. I paid for this before it was free, so please don't say "it's free - get over it". To make matters worse, there are no real explanations in the forums, but mostly the same key/certificate/private/public jibberish all out of order.
 

aeric

Expert
Licensed User
Longtime User
You mean you can’t follow this tutorial?
 
Upvote 0

Roger Taylor

Member
Licensed User
Longtime User
You mean you can’t follow this tutorial?
So do want to smear me or help, wise guy.
 
Upvote 0

aeric

Expert
Licensed User
Longtime User
So do want to smear me or help, wise guy.
Sorry if my words hurt you. I think it is good to make things simpler. I believe Erel has tried to come out with the most simplest way possible. I know what you feel. It takes me many days to figure out the process to upload my app to Apple iTunes. Creating certificate and provision profile is not fun for beginners. Fortunately Erel created a video tutorial and I watched it over and over. I tried to pause the video and restarted the steps when I made mistakes. Now I am used to it. It is same with this app bundle and signing thing. I have been long time no uploading to Google play store. I will try the steps. Let’s learn together and ask the members when we stuck. Cheers! ?
 
Upvote 0

Erel

B4X founder
Staff member
Licensed User
Longtime User
Moved to the questions forum.

so please don't say "it's free - get over it"
This is really nonsense. You will not find such answer in all the 800,000 posts in this forum.

For new apps with a new key, you don't need to do anything special, assuming that you are using the latest version of B4A.
For existing apps you have two options:
1. Keep using your current key and don't use the new AAB package. There are no advantages to the new package.
2. Do what millions of other Android developers and run the one-line command from Google instructions.
3. If you find step #2 too complicated then don't do it and keep your current key. You will not lose anything. The AAB requirement is only for new apps.
 
Upvote 0

aeric

Expert
Licensed User
Longtime User
I just uploaded a new app to Google using the App Bundle format. I hit some walls but eventually successful uploaded my app and now it is under review. I am using a test app (Todo). I discovered that the pepk.jar and many commands are not required. I made 80+ screenshots of the progress and will try to figure out the required steps.
 
Upvote 0

Roger Taylor

Member
Licensed User
Longtime User
Moved to the questions forum.


This is really nonsense. You will not find such answer in all the 800,000 posts in this forum.

For new apps with a new key, you don't need to do anything special, assuming that you are using the latest version of B4A.
For existing apps you have two options:
1. Keep using your current key and don't use the new AAB package. There are no advantages to the new package.
2. Do what I'm millions of other Android developers anrlaun the one-line command from Google instructions.
3. If you find step #2 too complicated then don't do it and keep your current key. You will not lose anything. The AAB requirement is only for new apps.

I've switched to the new package scheme for a reason. Nothing in the latest B4A mentions anything about an upload key or has a place to enter it. Of course Google rejects my app update (existing app) no matter what I try using the Keystore Explorer which I thought would be better than issuing direct commands.

Edit:

I am not uploading a New App. It's an existing app I've had in the Play Store for years. Yes, I switched to the new bundle format by my own choice even though yes, I'm aware that it's not necessary. Opinions are not useful to me right now. My issue is that the certificates and keys that Google generated for me when I switched to the new app format can't be imported into the B4A IDE that I'm aware of. I've tried using Keystore Explorer to create a new keystore with no luck. Yes, I'm still learning a few things which is why I am asking here in the forums. The tutorial above seems to be for a new app. Perhaps I need to request Google to reset my key... I saw that option if a developer has lost his key that went with an existing app.
 
Last edited:
Upvote 0

aeric

Expert
Licensed User
Longtime User
Opinions are not useful to me right now.
What else you are looking for? I am not sure.

Here’s my comment. B4X forum is a wonderful place to get help. We all volunteer ourself to help others as a token of appreciation from the help with got from others. As a “younger” programmer than some seniors, I understand my path. The software technology market is very disappointing to me too. Big giants like Google, Java, Microsoft come out with new technologies now and then but I know if I want to continue in this field, I need to adapt to it. Fortunately here in B4X community I feel like at home. We are welcome to ask for help. It is easier to get answer than some where else. Sometimes answers are already there, we just need some time to search and try one by one. No one is forced to pay for paid support. As a programmer, we should understand that solutions some times may took some effort. Only my ex superior with no development background and only business oriented mindset think that a solution can appear like a snap of fingers in seconds.

Are you still looking for help or give up?
 
Upvote 0

mcqueccu

Well-Known Member
Licensed User
Longtime User
Here is a tutorial on updating Existing application to App bundle. Its pretty straight forward

Post #7 also throw more light on the process.
If you see Release sign by google then you are good to go
If you see Opt Out, It means you will have to use PEPK.jar to extract the key. Follow the tutorial below and if you encounter any error based on this observations, report back

 
Last edited:
Upvote 0

aeric

Expert
Licensed User
Longtime User
Here is a tutorial on updating Existing application to App bundle. Its pretty straight forward

Post #7 also throw more light on the process.
If you see Release sign by google then you are good to go
If you see Opt Out, It means you will have to use PEPK.jar to extract the key. Follow the tutorial below and if you encounter any error based on this observations, report back

I found one of my old app (apk) in Google Play already opt-in (not sure when I did it or it is automatically opt-in for me). There is no opt-out option. I used my old keystore (1024-bit DSA key, not 2048-bit RSA) and generate the .aab file then successfully upload my app for update. Now it is under review.

1628963522514.png
 
Upvote 0

Roger Taylor

Member
Licensed User
Longtime User
Here is a tutorial on updating Existing application to App bundle. Its pretty straight forward

Post #7 also throw more light on the process.
If you see Release sign by google then you are good to go
If you see Opt Out, It means you will have to use PEPK.jar to extract the key. Follow the tutorial below and if you encounter any error based on this observations, report back


The forum thread is far from being straight forward. It's the reason I'm here. Also, if you see "Releases Signed by Google" you are Not good to go automatically.

My problem at this minute is: Upon building the app bundle B4A is reporting:
B4A Version: 11.00
Parsing code. (0.01s)
Java Version: 11
Building folders structure. (0.01s)
Compiling code. (0.01s)

ObfuscatorMap.txt file created in Objects folder.
Compiling layouts code. (0.00s)
Organizing libraries. (0.00s)
(AndroidX SDK)
Compiling resources (0.32s)
Linking resources (0.29s)
Compiling generated Java code. (0.94s)
Convert byte code - optimized dex. (0.54s)
Copying libraries resources (0.25s)
Building app bundle (1.95s)
Signing AAB file Error

jarsigner: Certificate chain not found for: b4a. b4a must reference a valid KeyStore key entry containing a private key and corresponding public key certificate chain.

The keystore I'm using in this test is empty then with KeyStore Explorer I Import Trusted Certificate (upload_cert.der provided by Google on the App Integrity page).
I don't know how to make a "certificate chain" or have B4a reference a private key that Google is supposed to be generating itself under the new scheme? I've also got the deployment_cert.der file provided on the same App Integrity page that I don't even know the purpose of this certificate or how to use it.

I'm not going to use the command prompt for this solution. It's Keystore Explorer for me.

Again, if Google Play is signing my apps, why is B4A insisting that I provide a private key?
 
Upvote 0

aeric

Expert
Licensed User
Longtime User
The keystore I'm using in this test is empty
I don’t understand what you mean by empty keystore. Just use the existing keystore we are using all the while and make sure the password is correct. I don’t encounter any error or has the need to download any .der certificate from Google nor need to type any commands in command prompt.
 
Upvote 0

Roger Taylor

Member
Licensed User
Longtime User
I don’t understand what you mean by empty keystore. Just use the existing keystore we are using all the while and make sure the password is correct. I don’t encounter any error or has the need to download any .der certificate from Google nor need to type any commands in command line terminal.

I'll have to look for a backup of my previous keystore file.
<rant> I've already screwed up the working copy royally trying to learn about keys and certificates, which are just words, like "cloud" being a word with 50 different meanings depending on the developer or company, as you know. For the same reason people say Quit saying Cloud, I say quit saying Public Key, Private Key, Public Certificate, Certificate Chain, etc. but I'm just dreaming ... and one day I hope this nightmare ends, but I rant. You can thank Google for throwing a monkey wrench into the app publishing process which was already ridiculous to grasp in the early days. If a coder knows how to create a professional and popular app, it shouldn't be any more difficult to just upload and publish the darn thing, but I digress. </rant>

To be continued...
 
Upvote 0

Roger Taylor

Member
Licensed User
Longtime User
Using my original keystore from previous builds, pre App Bundle format at Google Play console, B4A builds the app using Build App Bundle, but Google Play reports:

Your Android App Bundle is signed with the wrong key. Ensure that your App Bundle is signed with the correct signing key and try again.
Your App Bundle is expected to be signed with the certificate with fingerprint: SHA1: xx:xx:1C:B0:DE:9D:41:14:FB:DD:67:BC:DD:A7:F3:9A:EE:D2:88:15
but the certificate used to sign the App Bundle you uploaded has fingerprint: SHA1: xx:xx:0A:00:96:BD:62:11:34:1C:B9:5A:B4:52:4C:E5:0D:57:6D:BC

Note I edited with "xx" to censor.

The fingerprint Google is expecting is the one under Upload Certificate on the release upload page. This is why I was trying to get it in my keystore somehow. This is why I'm here in the forum trying to figure out why B4A and Google Play are not understanding each other and why I'm doing manually what they both should be automating, in my opinion.
 
Upvote 0

aeric

Expert
Licensed User
Longtime User
Your Android App Bundle is signed with the wrong key. Ensure that your App Bundle is signed with the correct signing key and try again.
I also have the same error at Google Play Console when I tried to upload the aab using a new keystore or wrong old keystore. Try switch to the correct old keystore and create the App Bundle again.
 
Upvote 0

Roger Taylor

Member
Licensed User
Longtime User
I did locate a backup "The Key.keystore" from 2017 for B4A and it worked - Google accepted the App Bundle upload.

Upon examining the 2017 keystore file, I see the same fingerprint that Google has in the "upload certificate" section. You can see why "private key" and "upload certificate" would not be considered the same thing and why I was trying to get this upload certificate in a new keystore file. Additionally, if Google is now signing my apps, why is B4A also signing them? I don't want to know at this time,... I'll save this research for another rainy day when I have more time.

Thanks for the help.
 
Upvote 0

aeric

Expert
Licensed User
Longtime User
I did locate a backup "The Key.keystore" from 2017 for B4A and it worked - Google accepted the App Bundle upload.

Upon examining the 2017 keystore file, I see the same fingerprint that Google has in the "upload certificate" section. You can see why "private key" and "upload certificate" would not be considered the same thing and why I was trying to get this upload certificate in a new keystore file. Additionally, if Google is now signing my apps, why is B4A also signing them? I don't want to know at this time,... I'll save this research for another rainy day when I have more time.

Thanks for the help.
Good to hear that you finally get it to work.
 
Upvote 0
Top