How to update your Android app, when you have lost app signing key?

Shubham Patwa
Jun 12 · 4 min read
Showing my painting talent through Figma !!

Why App signing?

Google Play enforces a signature check when you upload your APK to the Google Play Console, so that even if someone gets access to your Play console credentials, they would still not be able to send any malicious update, if they don’t have the APK signed with correct signing key.

What options we are left with?

If you have generated your app signing key using Google Play, you can breathe a sigh of relief. If not, all you can do is change the package name and re-upload a new app.

You can check whether you have opted for Google Play signing by going to:

Play Console-> Release -> Setup -> App integrity

There you can check on top:

With Play signing enabled:

Now that you got the certainty that Google is managing your app signing key, you can do following steps:

  1. Create a new Keystore File.
  2. Generate a PEM Certificate.
  3. Send a request to Google to update your App signing key.

We’ll explore the following steps one by one and hopefully be able to update our app signing key —

Creating a new KeyStore File:

One easy and layman way for creating new KeyStore.jks file is going to Android Studio and generating a new signed bundle or apk. Let me show you the steps in case it’s hard for you to reminisce:

Open Android Studio -> Build -> Generate Signed Bundle/ APK

There you’ll see :

Click on “Create new” and choose a path for your new keystore.jks file

Fill all the details and click OK.

Now go to the location which you have mentioned as key store path and there you’ll see your newly created keystore.jks file.

Generating a PEM certificate:

Privacy-Enhanced Mail (PEM) is a de-facto file format for storing and sending cryptographic keys, certificates, and other data, based on a set of 1993 IETF standards defining “privacy-enhanced mail.” (src: wikipedia).

To generate a certificate in PEM format download KeyStore Explorer.

Click on “Open an existing KeyStore”. There you select the keystore.jks file that you just created, enter the password that you used while creating keystore file. On the bottom you’ll see an option “PEM”. Click on it and you’ll see a new screen where you’ll have option to export the PEM certificate. Click on export and save the file with .pem extension.

Sending request to Google:

After creating PEM certificate successfully, you can go to Play Console Help.

There you can fill up a form, describe your issue(that you have lost your App signing key and wants to update it) and attach the PEM certificate that you just created.

You’ll receive an email almost quickly describing that they have received your request.

Within a couple of days, if thing go well, you’ll receive a mail stating that they have registered new upload key for your app.

Once you receive this mail, you can sign your App bundles/APKs with the newly created keystore file and will thereafter be able to update your app on Google Play Console.

Go to Play Console-> Release-> Production

Upload your updated app and create a new release.

Voila, it’s all done now. You just passed through the biggest nightmare of Android Developer. Say thanks to Google for saving your life and don’t forget going to your bed and having a sound sleep.

Do let me know if I couldn’t make myself clear or you get stuck anywhere in the process.

Happy Developing!

Nerd For Tech

From Confusion to Clarification

Nerd For Tech

NFT is an Educational Media House. Our mission is to bring the invaluable knowledge and experiences of experts from all over the world to the novice. To know more about us, visit https://www.nerdfortech.org/.

Shubham Patwa

Written by

Exploring(& loving) React Native | Android Developer | NIT Patna CSE '21 | SDE Intern at OYO

Nerd For Tech

NFT is an Educational Media House. Our mission is to bring the invaluable knowledge and experiences of experts from all over the world to the novice. To know more about us, visit https://www.nerdfortech.org/.