Why App signing?
Google Play enforces a signature check when you upload an APK to the Play Console, so even if someone gets hold of your Play Console credentials, they still cannot push a malicious update unless they also have an APK signed with the correct signing key.
What options are we left with?
If you generated your app signing key through Google Play (Play App Signing), you can breathe a sigh of relief. If not, all you can do is change the package name and publish it as a new app.
You can check whether you have opted for Google Play signing by going to:
Play Console-> Release -> Setup -> App integrity
At the top of that page you can see whether Play signing is enabled for your app.
Now that you are certain Google is managing your app signing key (so what you need to replace is only the upload key), follow these steps:
- Create a new Keystore File.
- Generate a PEM Certificate.
- Send a request to Google to update your App signing key.
We’ll go through these steps one by one and, hopefully, end up with an updated app signing key.
Creating a new KeyStore File:
One easy, no-frills way to create a new KeyStore.jks file is to open Android Studio and generate a new signed bundle or APK. Here are the steps in case you don’t remember them:
Open Android Studio -> Build -> Generate Signed Bundle/ APK
You’ll see the Generate Signed Bundle or APK dialog.
Click “Create new” and choose a path for your new keystore.jks file.
Fill in all the details and click OK.
Now go to the location you entered as the key store path, and there you’ll find your newly created keystore.jks file.
Generating a PEM certificate:
Privacy-Enhanced Mail (PEM) is a de facto file format for storing and sending cryptographic keys, certificates, and other data, based on a set of 1993 IETF standards defining “privacy-enhanced mail” (source: Wikipedia).
To generate a certificate in PEM format, download KeyStore Explorer.
Click “Open an existing KeyStore” and select the keystore.jks file you just created, then enter the password you used when creating the keystore. At the bottom you’ll see a “PEM” option. Click it and a new screen opens with an option to export the PEM certificate. Click export and save the file with a .pem extension.
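The same two steps (new keystore, then PEM certificate export) can be done from the command line with the JDK’s keytool, plus a check that what you are about to attach is a certificate and not the private key. This is an added example, not from the original post or KeyStore Explorer; the file names, alias, distinguished name and password are placeholders.

```shell
#!/bin/sh
# Added example (not from the original post): the keystore and PEM steps the
# post does through Android Studio and KeyStore Explorer, done with the JDK's
# keytool instead. File names, alias, DN and password are placeholders.
set -eu

KEYSTORE="${KEYSTORE:-upload-keystore.jks}"
ALIAS="${ALIAS:-upload}"
PEM="${PEM:-upload_certificate.pem}"
STOREPASS="${STOREPASS:-change-me-placeholder}"

# Step 1: new keystore with a fresh RSA key pair and self-signed certificate
# (the equivalent of "Create new" in the Generate Signed Bundle dialog).
create_keystore() {
    keytool -genkeypair -keystore "$KEYSTORE" -alias "$ALIAS" \
        -keyalg RSA -keysize 2048 -validity 10000 \
        -dname "CN=Example App, O=Example Org, C=US" \
        -storepass "$STOREPASS" -keypass "$STOREPASS" >/dev/null 2>&1
}

# Step 2: export only the certificate (public part) in PEM form; this is the
# file you attach to the Play Console Help request.
export_pem() {
    keytool -exportcert -rfc -keystore "$KEYSTORE" -alias "$ALIAS" \
        -storepass "$STOREPASS" -file "$PEM" >/dev/null 2>&1
}

# Check before sending: the file must be a certificate block and must not
# contain private-key material. Returns 0 when it looks right.
pem_is_certificate() {
    head -n 1 "$1" | grep -q '^-----BEGIN CERTIFICATE-----$' &&
    tail -n 1 "$1" | grep -q '^-----END CERTIFICATE-----$' &&
    ! grep -q 'PRIVATE KEY' "$1"
}

# SHA-256 fingerprint of the certificate, to compare with the upload key
# certificate Play Console shows under App integrity once Google accepts it.
pem_fingerprint() {
    keytool -printcert -file "$1" | sed -n 's/^[[:space:]]*SHA256: //p'
}

# Run the full flow with RUN_EXAMPLE=1 (skipped when keytool is not on PATH).
if [ "${RUN_EXAMPLE:-0}" = 1 ] && command -v keytool >/dev/null 2>&1; then
    create_keystore && export_pem
    pem_is_certificate "$PEM" && echo "OK, SHA-256: $(pem_fingerprint "$PEM")"
fi
```

Keep the .jks file and its password somewhere safe and backed up; the .pem file is the only thing Google needs.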
Sending request to Google:
After creating the PEM certificate, go to Play Console Help.
There you can fill in a form, describe your issue (that you have lost your app signing key and want to update it) and attach the PEM certificate you just created.
You’ll receive an email almost immediately confirming that they have received your request.
Within a couple of days, if all goes well, you’ll receive a mail stating that they have registered a new upload key for your app.
Once you receive this mail, you can sign your app bundles/APKs with the newly created keystore file and will thereafter be able to update your app in the Play Console.
Go to Play Console -> Release -> Production
Upload your updated app and create a new release.
Voilà, it’s all done. You just made it through the biggest nightmare of an Android developer. Say thanks to Google for saving your life, and don’t forget to go to bed and have a sound sleep.
Do let me know if I couldn’t make myself clear or if you get stuck anywhere in the process.