Android Tutorial Google Play App Signing

Google Play App Signing service allows developers to let Google store the app signing key for them.
Developers need to use a different key, the upload key, to sign the app before release.
The advantage of this service is that with the help of Google support you can generate a new upload key in case the previous one was lost.
Without this service it is not possible to update an app if you lost its signing key.

Once you enroll in this service it is not possible to opt out.
I think that for now it is better not to enroll in this service as it requires a few extra steps, however it means that you should backup your key properly.

Steps to enroll in this service:

Go to Release Management - App signing.

Upload original key to Google:
You should download pepk.jar from Google app signing instructions page.
The encryption key should be replaced with the key from the instructions page.
1.

java -jar pepk.jar --keystore=foo.keystore --alias=b4a --output=encrypted_private_key_path --encryptionkey=aaaaaaaaaaaaaaaaaaaa1e6c09ffe3056a104a3bbe4ac5a955f4ba4fe93fc8cef27558a3eb9d2a529a20bbbbbbbbbbbbbbbbbbb

2. upload the output file

Create the upload key:
3.

keytool -genkey -v -keystore my-release-key.jks -keyalg RSA -keysize 2048 -validity 10000 -alias b4a

4. Extract the certificate from the key and upload it to Google Play:

keytool -export -rfc -keystore my-release-key.jks -alias b4a -file upload_certificate.pem

Manually build and sign the app before uploading it to Google Play

1.

"c:\Program Files (x86)\Anywhere Software\Basic4android\B4ABuilder.exe" -task=Build -NoSign=True

2. zip align the temp file:

del aligned.apk
<android sdk>\build-tools\27.0.1\zipalign.exe -v -p 4 Objects\bin\temp.ap_ aligned.apk

3. sign the aligned apk (change the path to the upload key):

<android sdk>\build-tools\27.0.1\apksigner.bat sign --ks "c:\users\h\Downloads\my-release-key.jks" --out signed.apk aligned.apk

4. Upload signed.apk to Google Play

You can make a batch file to automate the building and signing.
Tip: You should use Call in the batch file to call ApkSigner.bat:

<B4A Path>\B4ABuilder.exe" -task=Build -NoSign=True
del aligned.apk
<Android SDK>\build-tools\27.0.1\zipalign.exe -v -p 4 Objects\bin\temp.ap_ aligned.apk
call <Android SDK>\build-tools\27.0.1\apksigner.bat sign --ks-pass pass:<password>--ks my-release-key.jks --out signed.apk aligned.apk
pause

 

[GMan]

Cant find the Link for the PEPK Tool - on the Playstore sides for the App is nothin to find

 

[OliverA]

Cant find the Link for the PEPK Tool

You should download pepk.jar from Google app signing instructions page.

Maybe this helps (steps 0 and 1):
https://stackoverflow.com/a/44103025

 

[GMan]

Found it already, but my Playstore pages looks different to the shown ones.
The second picture was not shown to me - it goes directly to the page with Test-, Alpha-, Beta- and Relase Version.
But -as i read rigth- the signing method is APP-depending, not Account-depending.
So i will delete the Draft in the List and create it again WITHUT the new signing method

 

[yfleury]

I am too fast.
I think I choose the google signature.
I upload my app and I don't fellow this procedure.

So my app is online in Play store.

And now what? What can I do? Upload a update after I follow this procedure?

 

[Erel]

If you were able to upload your app without following the above steps then you haven't opted to the signing service.

 

[yfleury]

I signing with Private Sign Key (B4A) and upload it then I choose google signing after upload.

I will see when I update app if something is going bad.