Uploading an APK after joining Google Play App Signing

[ChrisB]

I've recently completed a project, compiled the APK and wanted to upload it to my Google Play console to get it up on the Play Store. As part of the process I clicked the opt-in to "Google Play App Signing" (I don't know why, I never opt-in to anything) and now when I try to upload the APK I get the message: 

Upload failed

You uploaded an APK that is signed with a key that is also used to sign APKs that are delivered to users. Because you are enrolled in App Signing, you should sign your APK with a new key before you upload it.

I realise that this is because the key Google have created is not the one used in the APK but I've no idea how to change this and bring it into line with what Google want me to use. Is there any way to get around this or make changes to the keystore file (I assume it is in this that the change would need to be made)? Or am I now doomed to never upload to the Play Store again?

Apologies is this has been posted previously, I couldn't find anything in here or online about it.

Thanks.

[Taifun]

probably this answer can help

Taifun

[ChrisB]

Thank you for the link Taifun, I appreciate you taking the time to reply.

The APK I am uploading is the first of this app; I had not uploaded it previously and am not looking to update it, I am looking to launch it as new. However, I changed the version number and version code but I received the same message when I tried to upload the APK. 

The final post on the thread you linked to may help but I'm afraid I don't understand it. Is this the post you intended for me to read? I am unsure what it means when they say "delete the one you have on Thunkable (assume I can substitute MIT Appinventor here, as I haven't used Thunkable?) and rerun the Export to APK...". Does this mean delete the project? If so, how would I export the APK as the source no longer exists. 

On your link in that thread ("How to Sign my apk?") there is another link to advice on what to do if you have opted in but unfortunately this does not assist as it continues to discuss Thunkable. I did try to start a new project in MIT app inventor and then export the keystore from that and import it into my project, but that APK was not acceptable either and I received the same error message as written above. 

I apologise if I've missed the point or overlooked something but I couldn't see a way to add the new key to the APK. Is this not possible with MIT AppInventor?

[Taifun]

see also what Brainwork said here https://community.thunkable.com/t/how-to-sign-my-apk/5301/9?u=taifun

Also check your playstore console and be sure you have not opted in for Google Play apk signing program. if you have opted already, then follow the topic here to sign your apk or see this:
https://community.thunkable.com/t/problem-in-upload-apk-file-on-google-play/3812/3?u=brainwork

Taifun

[ChrisB]

Thanks again for this.

I have opted-in unfortunately so that's why it needs signing with the Google key. 

I clicked on Brainwork's link (https://community.thunkable.com/t/problem-in-upload-apk-file-on-google-play/3812/3) and followed the advice given to Charlene_Hardden but it didn't help. I don't use Thunkable but followed the advice and tried to start a new project in MIT ai2, exported the keystore and then imported it in to my other project. I compiled the APK but when I attempted to upload the APK to the Google Play console I received the same error message. Is there any way to edit the keystore file to include the new key information from Google? I appreciate any thoughts on this, thanks.

[Evan Patton]

We don't use Google Play App Signing, but here is my understanding based on what I've read:

Apps are signed using a digital key. When you signed up for Google Play App Signing, you need to provide them with the existing key you have been using to sign your apps. Google will now use to sign your apps on your behalf. Once you have done this, you need to upload a new APK that is signed using a different key (called the upload key) than the one you just provided them. This appears to be what the error message is intending to communicate, specifically "you should sign your APK with a new key before you upload it." To do this with App Inventor, do the following:

1. Export your existing keystore via Projects > Export Keystore and back it up somewhere safe.

2. Delete the keystore via Projects > Delete Keystore.

3. Build your project via Build > App (save .apk to my computer). This will generate a new keystore and that will be used to sign the app.

4. Export your new keystore via Projects > Export Keystore. This is your upload key in the Google Play App Signing parlance. You should back it up because my guess is that it is faster to restore this key to App Inventor than it is to go through the reset process with Google (which hopefully involves a human verifying you are who you say you are)

5. Upload the APK file to your Google developer account. It should accept this new APK and will expect all future updated APKs to be signed with your upload keystore.

Let us know how it turns out.

Cheers,

Evan

[ChrisB]

You absolute legend! Thanks Evan, that worked perfectly! Your instructions were simple to follow and I've managed to upload the APK without any issues.

Do you know whether I will have to do the same thing in the future with any updates I want to release (i.e. follow your instructions) or do I need to upload the new keystore that I've backed-up to the project each time I want to build and upload a new APK?

Thanks!

[Evan Patton]

Hi Chris,

The keystore is stored per user, so as long as you don't delete it from your App Inventor account nor upload a new one, you should be fine. Of course, the purpose of this new service is that in the event you ever lost your keystore you can now reset it through Google. However, it is unclear at the moment how much work/verification that entails on the part of the developer.

Cheers,

Evan

[ChrisB]

Hi Evan,

Thank you for this, I really do appreciate it. I'm very happy to be able to upload apps to the Play Store again!

All the best,

Chris