Can’t upload updated APK to Google Play due to different certificate [duplicate]

by

Firstly, it’s unlikely that Google Play is wrong here. Are you sure you didn’t use your debug key by mistake?

Check the signing keys used

You should double-check which certificates the old APK and new APK contain, with the commands:

jarsigner -verify -verbose:summary -certs old.apk
jarsigner -verify -verbose:summary -certs new.apk

This shows you information about the files signed in each APK, like this:

sm  4642892 Thu Apr 17 10:57:44 CEST 2014 classes.dex (and 412 more)

    X.509, CN=My App, O=My Company, C=DE, L=Köln
    [certificate is valid from 11/11/13 12:12 to 29/03/41 12:12]
    [CertPath not validated: Path does not chain with any of the trust anchors]

If the new APK says X.509, CN=Android Debug, O=Android, C=US, then you have signed the APK with your debug key instead of the original release key.

If the X.509 identity strings are otherwise different, or the certificate dates are different between the two APKs, you’ve just confirmed that you did not use the same signing key for both APKs.

You can ignore any “CertPath not validated” message; it’s not relevant in this case.

Search for the original keystore

If the certificate information is different, you need to find the original keystore, i.e. the file with the first SHA1 value that Google Play told you.

Search through all the keystore files you can find until you have the one with the correct SHA1 fingerprint:

keytool -list -keystore my-release.keystore

I can’t find the original keystore

If you cannot find the original keystore, you will never be able to publish any updates to this particular app.

Android mentions this explicitly on the Signing Your Application page:

Warning: Keep your keystore and private key in a safe and secure place, and ensure that you have secure backups of them. If you publish an app to Google Play and then lose the key with which you signed your app, you will not be able to publish any updates to your app, since you must always sign all versions of your app with the same key.

After the first release of an APK, all subsequent releases must be signed with the exact same key.

Can I extract the original signing key from the original APK?

No. This is not possible. The APK only contains public information, and not your private key information.

Can I migrate to a new signing key?

No. Even if you do find the original, you can’t sign an APK with key A, then sign the next update with both keys A and B, then sign the next update with only key B.

Signing an APK (or any JAR file) with multiple keys technically possible, but Google Play does not accept APKs with multiple signatures.

What can I do?

You will have to build your app with a new application ID (e.g. change from “com.example.myapp” to “com.example.myapp2”) and create a brand new listing on Google Play.

Possibly you will also have to change your code so that people can install the new app even if they have the old app installed, e.g. you need to make sure that you don’t have conflicting content providers.

You will lose your existing install base, reviews etc., and will have to find a way to get your existing customers to uninstall the old app and install the new version.

Again, ensure you have backups of the keystore and password you use for this version.

More Related Contents:

  1. The apk must be signed with the same certificates as the previous version
  2. This version of the application is not configured for billing through Google Play
  3. I have forgotten my keystore password and I want to install my apk on Google Play. What do I do?
  4. API to automatically upload apk to Google Play? [closed]
  5. Android – How to intercept the ‘Install application’ intent
  6. Signing an APK with an upload key provided by Google Play
  7. You uploaded an APK that is not zip aligned error
  8. Install Application programmatically on Android
  9. Google Play and OpenSSL warning message
  10. Get referrer after installing app from Android Market
  11. Reverse engineering from an APK file to a project
  12. How to enable Google Play App Signing
  13. How to deal with INSTALL_PARSE_FAILED_INCONSISTENT_CERTIFICATES without uninstall?
  14. Why my App is not showing up on tablets in Google Play?
  15. How do I verify that an Android apk is signed with a release certificate?
  16. Can I re-sign an .apk with a different certificate than what it came with?
  17. Difference between apk (.apk) and app bundle (.aab)
  18. Why does my app size on device differ than the APK or Play store size
  19. Build unsigned APK file with Android Studio
  20. Android – build separate APKs for different processor architectures
  21. why unaligned apk is needed?
  22. Google Play app description formatting
  23. How to implement Rate It feature in Android App
  24. Android Studio: how to generate signed APK using Gradle?
  25. Designing Android apps for tablets
  26. Setting android:extractNativeLibs=false to reduce app size
  27. “your device isn’t compatible with this version”
  28. Where does Android Studio save the ProGuard mapping file?
  29. Is it possible to debug locally Google Play’s in-app billing in Android Studio?
  30. How Do I Create A Certificate For My Android Market APK?

Leave a Comment