The Apk Must Be Signed With the Same Certificates as the Previous Version

The apk must be signed with the same certificates as the previous version

Nothing. Read the documentation: Publishing Updates on Android Market

Before uploading the updated application, be sure that you have incremented the android:versionCode and android:versionName attributes in the element of the manifest file. Also, the package name must be the same and the .apk must be signed with the same private key. If the package name and signing certificate do not match those of the existing version, Market will consider it a new application and will not offer it to users as an update.

The apk must be signed with the same certificates as the previous version while uploading apk on market

Yes, you have to have the same keystore file which you used to upload the 1st version of the application on Android Market.

If you have lost this keystore file then you can't provide an update to this application.

Just read this Publishing App on Market. I've also faced the same problem. So, I just changed the package name and uploaded it to Market with a new keystore. So, keep the keystore file safe. See these existing questions which are related to your query -

  1. Android: I lost my android key store, what should I do?

  2. I lost my .keystore file?

The apk must be signed with the same certificates even if old one is not correct

You have to use the same certificate when you update your apk or Google Play won't recognize it as the same app.

From Google documentation

Application upgrade – As you release updates to your application, you must continue to sign the updates with the same certificate or set of certificates, if you want users to be able to upgrade seamlessly to the new version. When the system is installing an update to an application, it compares the certificate(s) in the new version with those in the existing version. If the certificates match exactly, including both the certificate data and order, then the system allows the update. If you sign the new version without using matching certificates, you must also assign a different package name to the application — in this case, the user installs the new version as a completely new application.

Source: http://developer.android.com/tools/publishing/app-signing.html

Similar info also here in Android developer blog: http://android-developers.blogspot.com.au/2011/06/things-that-cannot-change.html

Just as important as the manifest package name is the certificate that application is signed with. The signing certificate represents the author of the application. If you change the certificate an application is signed with, it is now a different application because it comes from a different author. This different application can’t be uploaded to Market as an update to the original application, nor can it be installed onto a device as an update.

[...]

In conclusion: There are some parts of your application that can not change. Please be careful.

So I'm afraid you can't do much in this case.

The apk must be signed with the same certificates as the previous version

You are not using the same keystore file to sign your apks.

the .apk must be signed with the same private key. If the package name and signing certificate do not match those of the existing version, Market will consider it a new application and will not offer it to users as an update.

Taken from here,

The apk must be signed with the same certificates as the previous version

The only way is to sign your update package apk with the same key which you have used for the previous version. No other go. Google is strict about it.

Can't upload updated APK to Google Play due to different certificate

Firstly, it's unlikely that Google Play is wrong here. Are you sure you didn't use your debug key by mistake?

Check the signing keys used

You should double-check which certificates the old APK and new APK contain, with the commands:

jarsigner -verify -verbose:summary -certs old.apk
jarsigner -verify -verbose:summary -certs new.apk

This shows you information about the files signed in each APK, like this:

sm  4642892 Thu Apr 17 10:57:44 CEST 2014 classes.dex (and 412 more)

X.509, CN=My App, O=My Company, C=DE, L=Köln
[certificate is valid from 11/11/13 12:12 to 29/03/41 12:12]
[CertPath not validated: Path does not chain with any of the trust anchors]

If the new APK says X.509, CN=Android Debug, O=Android, C=US, then you have signed the APK with your debug key instead of the original release key.

If the X.509 identity strings are otherwise different, or the certificate dates are different between the two APKs, you've just confirmed that you did not use the same signing key for both APKs.

You can ignore any "CertPath not validated" message; it's not relevant in this case.

Search for the original keystore

If the certificate information is different, you need to find the original keystore, i.e. the file with the first SHA1 value that Google Play told you.

Search through all the keystore files you can find until you have the one with the correct SHA1 fingerprint:

keytool -list -keystore my-release.keystore

I can't find the original keystore

If you cannot find the original keystore, you will never be able to publish any updates to this particular app.

Android mentions this explicitly on the Signing Your Application page:

Warning: Keep your keystore and private key in a safe and secure place, and ensure that you have secure backups of them. If you publish an app to Google Play and then lose the key with which you signed your app, you will not be able to publish any updates to your app, since you must always sign all versions of your app with the same key.

After the first release of an APK, all subsequent releases must be signed with the exact same key.

Can I extract the original signing key from the original APK?

No. This is not possible. The APK only contains public information, and not your private key information.

Can I migrate to a new signing key?

No. Even if you do find the original, you can't sign an APK with key A, then sign the next update with both keys A and B, then sign the next update with only key B.

Signing an APK (or any JAR file) with multiple keys is technically possible, but Google Play does not accept APKs with multiple signatures.

What can I do?

You will have to build your app with a new application ID (e.g. change from "com.example.myapp" to "com.example.myapp2") and create a brand new listing on Google Play.

Possibly you will also have to change your code so that people can install the new app even if they have the old app installed, e.g. you need to make sure that you don't have conflicting content providers.

You will lose your existing install base, reviews etc., and will have to find a way to get your existing customers to uninstall the old app and install the new version.

Again, ensure you have backups of the keystore and password you use for this version.
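The jarsigner check from the answer above, scripted so it can run before an upload. This is an added example, not part of the original answers; the function names, verdict strings and sample outputs are constructed for illustration, and the parsing assumes the jarsigner output format shown above.

```shell
#!/bin/sh
# Added example (not from the original answers): classify a new APK's signer
# against the old one from `jarsigner -verify -verbose:summary -certs` output.

# Keep only the lines that identify the signer: X.509 subject and validity window.
signer_identity() {
    grep -E '^[[:space:]]*(X\.509,|\[certificate is valid from)' \
        | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' | sort -u
}

# $1 = jarsigner output for the old APK, $2 = jarsigner output for the new APK.
# Prints one of: match | debug-key | mismatch | no-signer
compare_signers() {
    old_id=$(printf '%s\n' "$1" | signer_identity)
    new_id=$(printf '%s\n' "$2" | signer_identity)
    if [ -z "$old_id" ] || [ -z "$new_id" ]; then
        echo no-signer      # unsigned, or output in an unexpected format
    elif printf '%s\n' "$new_id" | grep -q 'CN=Android Debug, O=Android, C=US'; then
        echo debug-key      # signed with the debug key, not the release key
    elif [ "$old_id" = "$new_id" ]; then
        echo match          # same subject and dates; confirm with the SHA1 fingerprint
    else
        echo mismatch       # different subject or dates: not the same signing key
    fi
}

# Constructed sample outputs in the format shown above (all values are made up).
OLD_OUT='sm  4642892 Thu Apr 17 10:57:44 CEST 2014 classes.dex (and 412 more)

      X.509, CN=My App, O=My Company, C=DE
      [certificate is valid from 11/11/13 12:12 to 29/03/41 12:12]
      [CertPath not validated: Path does not chain with any of the trust anchors]'
NEW_DEBUG='sm  4650100 Mon May 05 09:30:00 CEST 2014 classes.dex (and 415 more)

      X.509, CN=Android Debug, O=Android, C=US
      [certificate is valid from 01/02/14 08:00 to 25/01/44 08:00]'
NEW_REKEYED='sm  4650100 Mon May 05 09:30:00 CEST 2014 classes.dex (and 415 more)

      X.509, CN=My App, O=My Company, C=DE
      [certificate is valid from 02/05/14 17:40 to 17/09/41 17:40]'

# With two file arguments, compare real APKs; otherwise run the samples.
if [ "$#" -eq 2 ]; then
    compare_signers "$(jarsigner -verify -verbose:summary -certs "$1")" \
                    "$(jarsigner -verify -verbose:summary -certs "$2")"
else
    echo "debug sample:   $(compare_signers "$OLD_OUT" "$NEW_DEBUG")"
    echo "rekeyed sample: $(compare_signers "$OLD_OUT" "$NEW_REKEYED")"
fi
```

A "mismatch" or "debug-key" verdict is conclusive; a "match" only means the subject and validity dates agree, so the SHA1 fingerprint from keytool remains the final check.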


