28

I've just now started using app bundles. I've set the two certificates in the App signing section of the dashboard (signing certificate and upload certificate).

I've built an app bundle and signed it with the upload certificate, but when I upload the bundle under Android Instant Apps (which is in fact the reason I switched to app bundles) it says that:

Your Android App Bundle is signed with the wrong key. Ensure that your app bundle is signed with the correct signing key and try again: xx:xx:xx:xx.....

I've manually checked the SHA-1 of the upload keystore (using keytool in the terminal) and it matches the xx:xx:xx.... it says in the error message.

What am I doing wrong? The app bundle IS signed with the required upload certificate, but google play doesn't seem to like it.

Ideas?

AndreiBogdan
  • 10,858
  • 13
  • 58
  • 106
  • Maybe your app bundle signing key is different from the original app signing key? – just Jan 22 '19 at 19:07
  • yes it is. the last apk I signed is signed with another key, but that's why i defined signing and upload keystores, I have the signing key to google to let it sign the apks in my place and i'm using the upload key to sign it and give it to google. now .. why does google not like the upload keystore ... beats me ?! Or isn't that the way it's supposed to work? – AndreiBogdan Jan 22 '19 at 19:08
  • I've tried signing the bundle with the original keystore, which I've been using for the apks until now, but it still doesn't like it. – AndreiBogdan Jan 22 '19 at 19:09
  • Well, I think the best way is to ask Google play support. As far as I know, you need to sign the bundle with the same key as the main apk. – just Jan 22 '19 at 19:12
  • I've tried, it still won't accept the app bundle... :( – AndreiBogdan Jan 22 '19 at 19:13
  • For my case i migrated to a new device and i forgot to save the upload key so what options do i have? – Bright Jan 26 '22 at 09:40

9 Answers9

24

The solution was a very basic one. I had to clean my project and then rebuild it.

Android Studio was signing my app bundle with the old certificate i was using.

What I did previously is go to Build -> Generate Signed Bundle / APK and i changed the jks file in the file selector to the new upload jks. It seems Android Studio caches the old certificate path and uses it even though I've selected a new one. Might be a bug in AS.

So yeah ... now if I clean the project every time i change the jks file it works, the apk or app bundle gets signed with the proper certificate...

AndreiBogdan
  • 10,858
  • 13
  • 58
  • 106
  • word for me ! thanks a lot ! i used react native with web-storm gradlew bundleRelease with not success, then used android studio which work great for me ! – Jeffrey Oct 15 '20 at 12:58
  • Nope that did not work for me. Last week I uploaded no problem. Made a minor bug fix yesterday, no other changes at all, google says "Your Android App Bundle is signed with the wrong key". No notifications, no emails from them that something has changed. – Gerry Apr 07 '21 at 15:58
  • This also works on Flutter framework. Running flutter clean then rebuilding the application bundle solves the issue. – Marcos Maliki Jun 20 '21 at 14:08
12

I see there are an answer but in my case I forgot to remove

debuggable = true

from app build.gradle

Sholastik
  • 141
  • 1
  • 5
10

I tried using the multiple answers here & in this question, but somehow I was getting this error because I had some issues with my android/app/build.gradle and android/gradle.properties files.

Two things you should check (in addition to the other solutions here) are:

  1. In android/gradle.properties and android/app/build.gradle, make sure your keystore variables match exactly.
    • In android/gradle.properties, you probably have something like this: 
      MYAPP_RELEASE_STORE_FILE=<>
MYAPP_RELEASE_KEY_ALIAS=<>
MYAPP_RELEASE_STORE_PASSWORD=<>
MYAPP_RELEASE_KEY_PASSWORD=<>
    • Make sure these variable names exactly match those in android/app/build.gradle: 
      android {
    ...
    signingConfigs {
        release {
            if (project.hasProperty('MYAPP_RELEASE_STORE_FILE')) {
                storeFile file(MYAPP_RELEASE_STORE_FILE)
                storePassword MYAPP_RELEASE_STORE_PASSWORD
                keyAlias MYAPP_RELEASE_KEY_ALIAS
                keyPassword MYAPP_RELEASE_KEY_PASSWORD
            }
        }
    }
}
  2. In android/app/build.gradle, make sure you set signingConfig to signingConfigs.release in your release buildTypes: 
    android {
    ...
    buildTypes {
        debug ...
        release {
            signingConfig signingConfigs.release
        }
    }
}

Note: If you're doing react-native development and found yourself here, make sure you follow all steps on "Publishing to Google Play Store". I thought I could skip a few steps without causing problems, and that led to hours of debugging

Blundering Philosopher
  • 6,245
  • 2
  • 43
  • 59
7

In my case the issue was Android App bundle, I had forgotten to increment the versionCode for the project and it was not showing that error on the console. Instead, it was showing the error related to certificate SHA.

Aimanzaki
  • 566
  • 6
  • 9
  • This solved my issue building from Unity. Not only updating "Bundle Version Code" but also "Version" helped solve this. – Egil Sandfeld Jun 26 '19 at 14:13
  • I didn't forget to change the version code, but I did it a second time and was able to upload. Upvote this solution, and damn google for such an incredibly misleading error message. – Gerry Apr 07 '21 at 16:14
4

After a little bit of searching, I found that I accidentally had testCoverageEnabled true in my release build type.

release {
    testCoverageEnabled true
    ...
}

This will make the APK / App Bundle debuggable, and Google Play Console will consider it's not signed. Removing this resolved the issue.

nhoxbypass
  • 9,695
  • 11
  • 48
  • 71
  • Thanks! it help. Why google not publish any docs about this? You save me hours of search! – Tal May 02 '20 at 09:16
2

App bundles are just signed using the same format as jarsigner. So you can check the cert hash of your app bundle signature yourself. For example, on linux:

zipinfo -1 ${APK?} \
    | grep -E "META-INF/.*(RSA|DSA|EC)$" \
    | xargs -I{} unzip -p ${APK?} {} \
    | keytool -printcert

If the output from this shows a signature that does match the correct signing key, then there is a bug in Play store, and you should escalate to Play Console support. This is available on the help menu on the Play Console.

On the other hand, if the certificate doesn't match, then even though you think you are signing with the right keystore/key you are doing something wrong, and the app bundle is not signed with the correct upload certificate.

Nick Fortescue
  • 13,530
  • 1
  • 31
  • 37
1

I faced this error because :-

  1. I created a new key for testing and then generate a app bundles/apk
  2. That apk/app bundle had some error so after resolving that error again I created a new key and made a brand new app bundles/apk in which this error occur

so if you did something like this then try to provide a path of first key made with project ,in key store path with same Password and same key alias

This will work because we can only have a one key for a project which is the first key generated. and every time when you want to make a apk/app bundles of your app for publishing/updating purpose you have to provide a same key and password therefor it is highly recommended to store key on safe place

Note:- in some cases(if you already have multiple failed tries) you may face something like "you already have one with same version" error on play store console in that case, in build.gradle file just increment versionCode and versionName no by one and regenerate apk/app bundles

PRANAV SINGH
  • 1,000
  • 11
  • 17
1

In my case, I upload the wrong application with the same name. Just make sure you upload the same applicationId than previous one.

Samuel Surya
  • 433
  • 5
  • 10
1

For me, what went wrong was that, in my google play console, I had already opted in to play app signing, so when I first uploaded the aab, google registered and signed my app for subsequent releases. This means if i upload another aab, the signed certificate will be different from the one google signed.

I needed to delete this so I upload another aab. In other to do this, I had to click on my profile and select manage developer accounts. I saw the drafts of my aab google has signed, I deleted this so that I can generate and reupload another one.

When I deleted it, I then generated another aab from my android studio and uploaded it again to my google play console. This time, it did not give me the warning for wrong signing key

Sterlingking
  • 190
  • 1
  • 6