Android Tutorial Google Play App Signing

Discussion in 'Tutorials & Examples' started by Erel, Apr 10, 2018.

Thread Status:
Not open for further replies.
  1. Erel

    Erel Administrator Staff Member Licensed User

    Google Play App Signing service allows developers to let Google store the app signing key for them.
    Developers need to use a different key, the upload key, to sign the app before release.
    The advantage of this service is that with the help of Google support you can generate a new upload key in case the previous one was lost.
    Without this service it is not possible to update an app if you lost its signing key.

    Once you enroll in this service it is not possible to opt out.
    I think that for now it is better not to enroll in this service as it requires a few extra steps, however it means that you should backup your key properly.

    Steps to enroll in this service:

    Go to Release Management - App signing.

    Upload original key to Google:

    You should download pepk.jar from Google app signing instructions page.
    The encryption key should be replaced with the key from the instructions page.
    1.
    Code:
    java -jar pepk.jar --keystore=foo.keystore --alias=b4a --output=encrypted_private_key_path --encryptionkey=aaaaaaaaaaaaaaaaaaaa1e6c09ffe3056a104a3bbe4ac5a955f4ba4fe93fc8cef27558a3eb9d2a529a20bbbbbbbbbbbbbbbbbbb
    2. upload the output file

    Create the upload key:
    3.
    Code:
    keytool -genkey -v -keystore my-release-key.jks -keyalg RSA -keysize 2048 -validity 10000 -alias b4a
    [​IMG]

    4. Extract the certificate from the key and upload it to Google Play:
    Code:
    keytool -export -rfc -keystore my-release-key.jks -alias b4a-file upload_certificate.pem
    [​IMG]

    Manually build and sign the app before uploading it to Google Play

    1.
    Code:
    "c:\Program Files (x86)\Anywhere Software\Basic4android\B4ABuilder.exe" -task=Build -NoSign=True
    [​IMG]

    2. zip align the temp file:
    Code:
    del aligned.apk
    <android sdk>\build-tools\
    27.0.1\zipalign.exe -v -p 4 Objects\bin\temp.ap_ aligned.apk
    [​IMG]

    3. sign the aligned apk (change the path to the upload key):
    Code:
    <android sdk>\build-tools\27.0.1\apksigner.bat sign --ks "c:\users\h\Downloads\my-release-key.jks" --out signed.apk aligned.apk
    [​IMG]

    4. Upload signed.apk to Google Play

    You can make a batch file to automate the building and signing.
    Tip: You should use Call in the batch file to call ApkSigner.bat:
    Code:
    <B4A Path>\B4ABuilder.exe" -task=Build -NoSign=True
    del aligned.apk
    <Android SDK>\build-tools\
    27.0.1\zipalign.exe -v -p 4 Objects\bin\temp.ap_ aligned.apk
    call <Android SDK>\build-tools\
    27.0.1\apksigner.bat sign --ks-pass pass:<password>--ks my-release-key.jks --out signed.apk aligned.apk
    pause
     
    Last edited: May 14, 2018
  2. GMan

    GMan Well-Known Member Licensed User

    Cant find the Link for the PEPK Tool - on the Playstore sides for the App is nothin to find
     
  3. OliverA

    OliverA Expert Licensed User

    Maybe this helps (steps 0 and 1):
    https://stackoverflow.com/a/44103025
     
  4. GMan

    GMan Well-Known Member Licensed User

    Found it already, but my Playstore pages looks different to the shown ones.
    The second picture was not shown to me - it goes directly to the page with Test-, Alpha-, Beta- and Relase Version.
    But -as i read rigth- the signing method is APP-depending, not Account-depending.
    So i will delete the Draft in the List and create it again WITHUT the new signing method
     
  5. yfleury

    yfleury Active Member Licensed User

    I am too fast.
    I think I choose the google signature.
    I upload my app and I don't fellow this procedure.

    So my app is online in Play store.

    And now what? What can I do? Upload a update after I follow this procedure?
     
  6. Erel

    Erel Administrator Staff Member Licensed User

    If you were able to upload your app without following the above steps then you haven't opted to the signing service.
     
    eps likes this.
  7. yfleury

    yfleury Active Member Licensed User

    I signing with Private Sign Key (B4A) and upload it then I choose google signing after upload.

    I will see when I update app if something is going bad.
     
Thread Status:
Not open for further replies.
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice