Signing & Releasing iOS/Android App

Ivan Krupik
Oct 7, 2021

Topics

  • Generating Android Release/Debug key ( Developer )
  • Getting Google Play signing key
  • Generating iOS signing key
  • Codemagic Android + iOS Code signing
  • Configure Firebase App Distribution
  • Link Google Play Console with Google Cloud Platform
  • Upload release from Codemagic to Google Play Console
  • Get the Google Play Console Key Hash for Facebook
  • Get the Firebase App Distribution Key Hash for Facebook

Android App Signing ( Release + Debug )

Generating Android Release/Debug key ( DEVELOPER )

If you don’t have keytool installed yet, here is the link that will walk you through the installation.

My recommendation is to create a keystore folder inside your root project, navigate into it, and run the first command below; it will generate the keystore.jks file (a Java KeyStore file).

You can choose any alias you want, for example namealias.

It is not necessary to store the JKS file inside your root project.

The second command is only needed to generate the debug key. It creates a debug.keystore file whose password is android; you can change the alias.

keytool -genkeypair -v -keystore keystore.jks -storetype JKS -keyalg RSA -keysize 2048 -validity 10000 -alias namealias

keytool -genkey -v -keystore debug.keystore -storepass android -alias androiddebugkeyalias -keypass android -keyalg RSA -keysize 2048 -validity 10000

Here is the link to see more information about KEYTOOL-KEY

Once you enter the keytool command line you must enter the following information:

Enter keystore password:
Re-enter new password:
What is your first and last name?
[Unknown]:
What is the name of your organizational unit?
[Unknown]:
What is the name of your organization?
[Unknown]:
What is the name of your City or Locality?
[Unknown]:
What is the name of your State or Province?
[Unknown]:
What is the two-letter country code for this unit?
[Unknown]:
Is CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct?
[no]: yes
Generating 2,048 bit RSA key pair and self-signed certificate (SHA256withRSA) with a validity of 10,000 days
for: CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
Enter key password for <namealias>
(RETURN if same as keystore password):
[Storing keystore.jks]

The first password protects the JKS file and the second password protects the key alias.

A JKS file can hold many aliases, and each alias has its own password, which can be different from the password of the JKS file.

Create a new file called key.properties inside the keystore folder that you created previously, then paste the following code:

storePassword=passwordOfYourJKSFile
keyPassword=passwordOfYourKeyAlias
keyAlias=namealias
storeFile=../keystore/keystore.jks

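The last part is to configure the android/app/build.gradle file.

// keystoreProperties must be loaded before the android block; the path below
// assumes key.properties sits in the keystore folder of the Gradle root project.
def keystoreProperties = new Properties()
def keystorePropertiesFile = rootProject.file('keystore/key.properties')
if (keystorePropertiesFile.exists()) {
    keystorePropertiesFile.withInputStream { keystoreProperties.load(it) }
}

android {
    ...
    signingConfigs {
        debug {
            // Debug key generated by the second keytool command
            storeFile rootProject.file('debug.keystore')
            keyAlias 'androiddebugkeyalias'
            keyPassword 'android'
            storePassword 'android'
        }
        release {
            // Values come from key.properties, so no release secret is hard-coded here
            keyAlias keystoreProperties['keyAlias']
            keyPassword keystoreProperties['keyPassword']
            storeFile file(keystoreProperties['storeFile'])
            storePassword keystoreProperties['storePassword']
        }
    }
    buildTypes {
        release {
            signingConfig signingConfigs.release
        }
    }
    ...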

Getting Google Play signing key

Go to the Google Play Console, select your app, and click App Integrity in the left panel inside Settings. There you will see the App signing key certificate, which means that Google Play signs your app for you. We will need this to configure the Facebook App.

Generating iOS signing key

Go to the Apple developer page Certificates, Identifiers & Profiles

Create New Identifier

  1. Navigate inside Identifier and click on +
  2. Select App IDs
    Select type: App
    Select capabilities you want for example Sign In with Apple

Create a Certificate Signing Request with Keychain Access

  1. Launch Keychain Access (CMD + Space, then type Keychain Access)
  2. Choose Keychain Access > Certificate Assistant > Request a Certificate from a Certificate Authority.
  3. In the Certificate Assistant dialog, enter an email address in the User Email Address field.
  4. In the Common Name field, enter a name for the key (For example: Test some key)
  5. Leave the CA Email Address field empty.
  6. Choose “Saved to disk”, and click Continue.

The certificate request file is generated; proceed to the next step.

Create New Certificate

  1. Navigate inside Certificates and click on +
  2. Software: iOS Distribution (App Store and Ad Hoc)
  3. Choose file and upload the certificate request file created in the previous section
  4. Download your certificate
  5. Drag the certificate into Keychain Access
  6. Select the certificate you just downloaded and dragged in, together with the first entry you created, called Test some key (step 4 of the previous section)
    You must select both items, then right click > Export 2 items and save the p12 file to your disk
  7. Enter a new password; you will then be asked for your laptop password
  8. A p12 file is generated (we need it later)

Creating New Profile

  1. Navigate inside Profiles and click on +
  2. Distribution: select App Store if you want to upload to the Apple Store, or select Ad Hoc if you want to distribute the app without uploading to the Apple Store, for example using Firebase App Distribution Center
  3. Click continue and select the App ID
  4. Select the certificate generated in the previous step; if you have more than one certificate, you can identify it by its date. Click continue
  5. If you selected Ad Hoc, you must choose the devices on which the app can be installed. If you selected App Store, you must input the Provisioning Profile Name (SomeProfileName). Then click generate and download the profile.

Upload the New Certificate to Xcode

  1. Open the Project in Xcode
  2. Select Runner folder and then click on Runner Target
  3. Locate Signing & Capabilities
  4. In this case we will upload the same certificate for all (Debug, Release and Profile), so select All
  5. Click on the dropdown menu called Provisioning Profile and upload the Profile already generated and downloaded in the previous step.

Codemagic Android + iOS Code signing

Android Code Signing

  • Upload the JKS file generated in the step called Generating Android Release/Debug key ( DEVELOPER ) and fill in the information about the key.

iOS Code Signing

  • Choose Manual
  • Upload the P12 file generated in step 8 of Create New Certificate and input the password you set for that file
  • Upload the profile downloaded in step 5 of Creating New Profile

Configure Firebase App Distribution

Here is the LINK to the source, but the step-by-step instructions follow here as well. I recommend going through them slowly.

Connect Firebase with your Google Play Console

Inside Firebase go to Project settings > Integrations > Connect Google Play. If you have already uploaded the app to Google Play, you will see that the app is linked; if not, no worries, it will be linked automatically after you upload the first release.

Link Google Play Console with Google Cloud Platform

  1. Log in to your Google Cloud Platform
  2. In the left panel, navigate to APIs & Services
  3. Click the ENABLE APIS AND SERVICES button, search for Google Play and click the blue Enable button
  4. In the left panel click Credentials and then Create Credentials > OAuth Client ID
  5. Application type: Android
    Name: choose a name, for example ( AppName-OAUTH)
    Package name (see inside android/app/src/main/AndroidManifest.xml)
  6. Use the following command to see the SHA-1 certificate fingerprint, copy and paste it, and then click create.
    keytool -keystore keystore.jks -list -v
  7. Log in to your Google Play Console
  8. In the left panel, navigate to API access inside setup and click link existing project; if you already have a linked project, you may need to unlink it and link it again.
  9. Choose the project and select it; stay on this page
  10. Open a new tab and go to your Google Cloud Platform
  11. In the left panel, navigate to IAM & Admin > Service Accounts
  12. If you see a service account named App Engine default service account (generated automatically), it is the same service account shown in your Google Play Console. If you do not see it, you must create a new service account (we will see how later)
  13. Inside your Google Play Console > API access > Service Accounts, click grant access on the same service account we saw in the Google Cloud Platform.
  14. Account permissions: leave as default
    App Permissions: add permissions to your app and leave them as default, then click apply and finally the blue Invite User button at the bottom right
  15. Google Play Console and Google Cloud Platform are now connected, which allows us to manage releases through the Google Cloud Platform

Upload release from Codemagic to Google Play Console

  1. Log in to your Google Cloud Platform
  2. In the left panel, navigate to IAM & Admin > Service Accounts > Create Service account
  3. Service account name (for example codemagicservice) > Create and continue
  4. Select role Basic > Editor, click continue and then done
  5. Once the service account is created, click the 3 dots on the right side and then click Manage key
  6. Add key > Create new key of type JSON and download the key.
  7. Log in to your Codemagic account and go to your workflow editor
  8. Go to Distribution > Google Play and enable Google Play publishing
  9. Upload the JSON credentials downloaded in step 6 and choose the track you want to publish to in Google Play Console

Add Key Hashes to Facebook For Developers

The key hash must end with the = symbol (2m9Sdw1nqUcNfpN7JKIzRJhE/zk=)

  1. Log in to your Facebook For Developers account
  2. Inside Key Hashes you must paste the following key:
  • If you run your app locally, you must paste your Android debug key, obtained with the following command (the password should be android):
    keytool -exportcert -alias androiddebugkeyalias -keystore debug.keystore | openssl sha1 -binary | openssl base64
  • If your app will be in the store (but Google Play is not managing your release), you must paste your release key, obtained with the following command:
    keytool -exportcert -alias namealias -keystore keystore.jks | openssl sha1 -binary | openssl base64
  • If your app will be in the store but you have already delegated the release to Google Play Console and/or Firebase App Distribution, continue with the next step:

Get the Google Play Console Key Hash for Facebook

  1. Log in to your Google Play Console
  2. Go to your app and, in the left panel, select App Integrity inside setup
  3. Copy the SHA-1 certificate fingerprint from App signing key certificate. If you see Enabled at the top of the screen, it means that Google is managing your app signing key, so we need to upload this key to Facebook
  4. Go to the following Page
  5. Paste the SHA-1 inside Hex String and click convert
  6. Copy the Output (base64)
  7. Paste the Key into Facebook Key Hashes

Get the Firebase App Distribution Key Hash for Facebook

Log in to your Firebase App Distribution

For the first release you must upload manually, and once you finish you will be able to see the following message

  1. Click View certificate
  2. Copy SHA-1 certificate fingerprint
  3. Do the same as above.
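
The hex-to-base64 conversion used for the Google Play fingerprint (steps 4 to 6 above) and again for the Firebase App Distribution fingerprint can also be done locally, so the fingerprint never has to be pasted into a web page. The shell function below is an added example, not part of the original article; the name fingerprint_to_keyhash is hypothetical, and the sample fingerprint is constructed by decoding the sample key hash shown earlier.

```shell
#!/bin/sh
# Added example (not from the original article): turn the SHA-1 certificate
# fingerprint shown by Google Play / Firebase into a Facebook key hash.
# fingerprint_to_keyhash is a hypothetical helper name.

fingerprint_to_keyhash() {
    # The consoles print AA:BB:CC...; drop separators and normalise case.
    hex=$(printf '%s' "$1" | tr -d ': \n' | tr 'A-F' 'a-f')

    # Reject anything that is not pure hex.
    case "$hex" in
        ''|*[!0-9a-f]*) echo "not a hex fingerprint" >&2; return 1 ;;
    esac
    # SHA-1 is 20 bytes = 40 hex digits; a SHA-256 fingerprint pasted by
    # mistake would produce a hash that never matches the app's signature.
    if [ "${#hex}" -ne 40 ]; then
        echo "expected 40 hex digits (SHA-1), got ${#hex}" >&2
        return 1
    fi

    # Build one \0ooo octal escape per byte, emit the raw bytes with %b,
    # then base64-encode them (same last step as the keytool pipeline).
    rest=$hex
    esc=''
    while [ -n "$rest" ]; do
        byte=${rest%"${rest#??}"}      # first two hex digits
        rest=${rest#??}
        esc="$esc\\0$(printf '%03o' "0x$byte")"
    done
    if command -v openssl >/dev/null 2>&1; then
        printf '%b' "$esc" | openssl base64
    else
        printf '%b' "$esc" | base64
    fi
}

# Constructed sample: the bytes of the sample key hash shown earlier on this page.
SAMPLE_FP='DA:6F:52:77:0D:67:A9:47:0D:7E:93:7B:24:A2:33:44:98:44:FF:39'
fingerprint_to_keyhash "$SAMPLE_FP"
```

The output is a 28-character string ending in =, which is the form the Key Hashes field expects.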
