installation app blocked by play protect

Asked 28/6, 2018 at 10:36 Answered 9/1 at 20:36

Solved android signature google-play-protect

162

When trying to install a signed application (app-release.apk), a "Blocked by Play Protect" alert is shown and the app is not installed. However, an unsigned application (app-debug.apk) can be installed without problems.

The error message:

Play Protect doesn't recognise this app's developer. Apps from unknown developers can sometimes be unsafe.

Why this error happened? What's the solution?

image of Error

Yiddish answered 28/6, 2018 at 10:36 Comment(4)

I also faced same issue with my app. Though my google account got suspended when I tried to publish my app. What I realize that google update play protect check list with suspended package name and afterward if you try to install same package name, play protect start giving fake warning. I created a new app with suspended package name and only main activity and no other code added. Signed with suspended apk keystore and tried to install. Amazingly play protect showed harmful alert as show in your question. I also tried to make new package with all classes of suspended app but no alert by play. – Alarm 6/12, 2018 at 3:0

See the solution here: https://mcmap.net/q/151908/-play-protect-does-not-recognize-this-app-39-s-developer – Melvamelvena 4/3, 2019 at 10:16

the same problem for me but found other Keystore that not even published app to google play, sign app correctly, and this dialog not appear! even if you create a new app has the problem out of the box. I have multiple applications and other Keystore works correct with my new app! I don't know how to google decide the developer of apps unknown! I never have a google play console account. – Waybill 24/5, 2020 at 14:1

have you found the root cause of the issue? – Slash 17/6, 2021 at 7:57

I found the solution: Go to the link below and submit your application.

Play Protect Appeals Submission Form

After a few days, the problem will be fixed

Yiddish answered 8/7, 2018 at 14:54 Comment(9)

@MostafaAzadi What was the exact reason? – Psychoactive 1/8, 2018 at 19:18

if you're not using SSL , and enabled plaintext communications on manifest, that's the reason. – Tullusus 23/10, 2018 at 16:37

if you have a problem by URL to download your APK file , this is helful : https://mcmap.net/q/151909/-how-to-get-the-url-for-my-app-39-s-apk-google-play-protect-appeal – Yiddish 9/6, 2019 at 10:54

@Tullusus Are you absolutely sure the issue is because of cleartext communications? So removing android:usesCleartextTraffic="true" should solve the issue right? Thanks. – Deutsch 4/11, 2019 at 9:8

@Deutsch if remove android:usesCleartextTraffic="true" , app crashed in android 9 – Yiddish 4/11, 2019 at 10:17

@MostafaAzadi Except if I replace all HTTP calls with HTTPS right? – Deutsch 4/11, 2019 at 10:30

Hello. I cannot submit my app to appeal for Play protect. How to upload the apk? I am getting an email saying that the apk cannot be downloaded, although I am providing direct download links via GitHub. – Zealand 17/11, 2019 at 16:50

why we provide then apk which we dont want to give them ? i have already apps on play store with same account which i have signed in android studio but this one i dont want to and also dont want to provide them apk as well . Any other solution ? – Windham 7/4, 2020 at 19:36

link is broken now – Choroid 31/1, 2023 at 16:56

There are three options to get rid of this warning:

You need to disable Play Protect in Play Store -> Play Protect -> Settings Icon -> Scan Device for security threats
Publish app at Google Play Store
Submit an Appeal to the Play Protect.

Armyworm answered 18/4, 2019 at 10:54 Comment(0)

Try to create a new key store and replace with old one, then rebuild a new signed APK.

Update: Note that if you're using a http connection with server ,you should use SSL.

Take a look at: https://developer.android.com/distribute/best-practices/develop/understand-play-policies

Kele answered 29/6, 2018 at 18:24 Comment(10)

I create a new key store,first is good and no error but after one day show same error – Yiddish 30/6, 2018 at 4:11

Maybe it is because of the max validity of most purchased certificates is around last years. Set expiration date greater than 50 years. – Kele 30/6, 2018 at 4:44

I created this app this month and i set validity(years) of signature 25 years – Yiddish 30/6, 2018 at 7:30

@MostafaAzadi , Amirhosein I have same problem here. have you found anything? – Psychoactive 5/7, 2018 at 8:57

This started happening with our app as well, no clue yet on how to solve it other than turning off Google Play Protect in the Play Store - which isn't really a solution for all our Beta users. – Bedight 5/7, 2018 at 14:52

Yeah, it seems ridiculous. What's worse is that I only get this popup the first time I install the application. Even if I accept it and install it, on the next install it logs "Installation blocked silently" and I get an "App not installed" message on the UI. At that point, only disabling Play Protect altogether or clearing Play Store data from settings gets me the popup again. This is happening with a key that we've generated with the same script as dozens of our other apps that are in the Play Store and working fine. – Bedight 5/7, 2018 at 15:36

@Kele Thanks for your answer. my app is not even published to playstore yet. So it couldn't be play store policy violation. I have this problem with only one of my sign keys (which is not released yet) And zsmb13 has this problem with their released app. also please describe how non-ssl communication triggers play protect before even running the app for the first time. – Psychoactive 7/7, 2018 at 6:11

Its worked for me!!! old sign file has problem and I create new sign then problem solved!!! Thanks. – Eruptive 17/7, 2018 at 5:45

@MasoudMokhtari I have the same problem. can u show me the sign command that you have used and the validity? – Prothrombin 19/7, 2019 at 1:33

@MoHammaDReZaDehGhani That's because we live in Iran. – Mercurous 16/1, 2021 at 8:33

Google play finds you as developer via your keystore.

and maybe your country IP is banned on Google when you generate your new keystore.

change your IP Address and generate new keystore, the problem will be fixed.

if you didn't succeed, use another Gmail in Android Studio and generate new keystore.

Inglorious answered 11/7, 2018 at 12:24 Comment(3)

Did you do this stuff? cause i have this problem and my applications has authenticate from Iran and can not send application from appeal , ( they cant test it ) , so how can i solve it? thanks dude – Indiscrete 7/8, 2018 at 9:9

It didn't work for me! I use keytool for creating keystore – Drouin 10/9, 2018 at 6:52

that's not solution because new keystore banned after some day too . best way submit app in appeal google protect site. – Mutilate 14/11, 2020 at 6:14

I am adding this answer for others who are still seeking a solution to this problem if you don't want to upload your app on playstore then temporarily there is a workaround for this problem.

Google is providing safety device verification api which you need to call only once in your application and after that your application will not be blocked by play protect:

Here are there the links:

https://developer.android.com/training/safetynet/attestation#verify-attestation-response

Link for sample code project:

https://github.com/googlesamples/android-play-safetynet

Iatrogenic answered 12/6, 2019 at 5:3 Comment(4)

@Windham ofcourse it works all of my colleagues are using this api to solve the problem we have handed over more than 20 different apks to clients until now and it works perfectly – Iatrogenic 8/4, 2020 at 5:16

I am banging my head into the walls at this point. I have followed the above links and I am also getting a successful response after attestation but the blocked by play protect does not seem to go away. Is there anything I could be doing wrong and are you sure this workaround works right now? – Zachery 1/10, 2021 at 10:46

@SaddaHussain it still works you must be doing something wrong make sure that you're not calling the api with a different package and then changing your app signature later the api needs to be called only once from your main activity and after that your app will not be blocked anymore – Iatrogenic 4/10, 2021 at 17:27

Thanks for the response Patel, this is what I am doing. I have enabled the device verification API. Package name and app id are the same. I am calling the API in the main activity. making a signed APK and installing that app and getting the play protect warning. After installation, I am getting the success result on the main activity. I am uninstalling the app and reinstalling the same apk and still getting play protect warning. What am I doing wrong? – Zachery 5/10, 2021 at 4:18

the only solution worked for me was using java keytool and generating a .keystore file the command line and then use that .keystore file to sign my app

you can find the java keytool at this directory C:\Program Files\Java\jre7\bin

open a command window and switch to that directory and enter a command like this

keytool -genkey -v -keystore my-release-key.keystore -alias alias_name -keyalg RSA -keysize 2048 -validity 10000

Keytool prompts you to provide passwords for the keystore, your name , company etc . note that at the last prompt you need to enter yes.

It then generates the keystore as a file called my-release-key.keystore in the directory you're in. The keystore and key are protected by the passwords you entered. The keystore contains a single key, valid for 10000 days. The alias is a name that you — will use later, to refer to this keystore when signing your application.

For more information about Keytool, see the documentation at: http://docs.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html

and for more information on signing Android apps go here: http://developer.android.com/tools/publishing/app-signing.html

Chadburn answered 27/1, 2019 at 17:20 Comment(2)

if there is a downvote i like to know why. if i'm doing something wrong i like to know – Chadburn 28/1, 2019 at 10:13

It didn't solve my issue unfortunately, I guess there are several use-cases leading to the same issue – Gombach 16/6, 2021 at 16:16

If you are using some trackers like google analytics or amplitude and you are trying to release your app in another platforms other than Google Play, this errors appears for users. So there are two possible solutions:

Use special trackers in your app (firebase and appmetrica are tested and are ok)
Release your app in Google Play

Scamper answered 4/2, 2019 at 11:6 Comment(0)

it is due to expired of debug certificate simply delete the debug.keystore located at

C:\Users\.android\

after that build your project the build tools will regenerate a new key and it will work fine. here is a reference:

https://developer.android.com/studio/publish/app-signing

Pleasurable answered 15/2, 2020 at 15:23 Comment(0)

There is no very precise way to solve this problem, but the following tasks can be effective in solving the problem

Click Invalid Caches/Restart
Do the login process of Android Studio
Click generate signed Bundle / APK
Fill in all the "generate signed Bundle" information completely.
Do not use the same password. Make sure your passwords are different in "generate signed Bundle" different. Preferably enter the address of America with the code 01
It is probably sensitive to Persian, so it is better not to write in Persian in the program. Write the program menu in English and make it Persian in the next updates
Remove extra permissions
Finally, go to the site below and request a troubleshooting https://support.google.com/googleplay/android-developer/answer/2992033?hl=en
Fill in the first and last name correctly
Upload the installation file, for example, in Dropbox, and copy the link
If you are using Dropbox, be sure to change the number zero at the end of the link to one, then submit it or use link shortening sites.
If your request is not approved, shorten the link of the installation file, for example, using the https://bit.ly site

In the description section, explain the problem. For your convenience, I will leave a sample text for you :

 Greetings to the esteemed Google Team

 I am sending this request to fix the "Blocked by Pay Protect" error

 ****{Write your app info and your reasons}****

 Fast, simple, free and lightweight, no annoying ads ,This app does not collect and store user data! 
 Also, no unnecessary cost is imposed on the user and is completely free , It 
 also certifies that this app does not harm user privacy and is not harmful to users

 Thank you

If you did not receive the confirmation email, repeat the request again a few days later

Licentiate answered 12/9, 2021 at 7:49 Comment(1)

Thank you so much for your help. I am truly grateful. – Contrition 17/2 at 19:1

the solution lies in creating a new key when generating the signed apk. this worked for me without a fuss.

click on Build
click generate signed Bundle/APK...
choose either Bundle / APK (in my case APK) and click Next
click on create new (make sure you have a keystore path on the machine)
after everything, click finish to generate your signed apk

when you install, the warning will not come.

Spelt answered 29/12, 2018 at 11:28 Comment(0)

I solved this problem by changing my application package name according to signature certificate details. At first I created application with com.foo.xyz but my certificate organization was 'bar'. So I change my package name to com.bar.xyz and now there is no google play protect warning!

Gore answered 12/2, 2021 at 18:25 Comment(0)

Try the old certificate
I found one of them on github (created before 2017)
https://github.com/patrickfav/uber-apk-signer/blob/main/src/main/resources/debug.keystore
It works for me
In gradle:

signingConfigs {
    certificate {
        storeFile file('debug.keystore')
        storePassword "android"
        keyAlias "androiddebugkey"
        keyPassword "android"
    }
}

...

signingConfig signingConfigs.certificate

Geostatic answered 4/4, 2023 at 4:53 Comment(0)

If there were hardware changes, try to re-download or re-create jks file.

I also faced such problem, it occured after moving my SSD from one PC to another. This gave a hint that there were no need to send the app to Google for verification: an old apk file was installing with no warning. So I replaced an android.jks on my hard drive with the one from the cloud, created a signed apk and the problem has gone.

Balkanize answered 23/11, 2021 at 13:31 Comment(0)

This error usually happens if you try to install an app from .apk file. The first thing you can do is to disable Play Protect from the inside of Play Store app in your phone:

Open Google Play Store app --> Play Protect --> Click Settings Icon on the top --> Disable scanning apps for security

Note: It is recommended that you enable it back again after finishing installation for security purposes.

Now after this you should be able to install the app. If you still receive error saying something like Error, app was not installed when you click on the .apk file, it means you have installed version of that app already. Uninstall the app first then you can install the app from .apk file without problem.

Burma answered 22/12, 2022 at 0:3 Comment(0)

1. open this link and click the File an Appeal button. (Note that if you are in certain countries, you must use a good VPN, otherwise, the form will not be displayed for you and will be redirected to another page)

2. fill in the requested items:

Email Address: [email protected]
Developer name: SomeName
Application package name: com.exmaple.application
SHA256: the easiest way to get the SH265 code is to use the virustotal
Additional information to support your appeal: provide a general description of the application and if your application has special access to the user's device, explain it fully.

3. in this link you can check your application submission process

Darbies answered 9/1 at 20:36 Comment(0)

-1

Update: The following method doesn't work anymore.

Not the solution, but you can use debug key for signing release builds to avoid blocking the installation from Google Play Protect. It looks like Play Protect doesn't warn for builds signed with automatically generated debug.keystore.

Note that your debug builds are not unsigned, they are just signed with a debug key.

Of course, you cannot use the build for production distribution (Google Play, Amazon, etc.), but it's still worth for pre-production internal testing which requires a high-frequency feedback loop.

You can add a task to build release with debug.keystore by adding the configuration in build.gradle, something like:

android {
  buildTypes {
    // add after the `release` definition
    releaseDebugKey { initWith release }
  }

  signingConfigs {
    // use debug.keystore for releaseDebugKey builds
    releaseDebugKey { initWith debug }
  }
}

then execute ./gradlew assembleReleaseDebugKey to build a release build with debug key.

Selfmade answered 11/4, 2019 at 4:33 Comment(0)

-2

I kept getting this issue after installing my app on a real device for debug.

And the problem was that I had android:exported="true" attribute present on the main activity in manifest file. I removed it and Play Protect warning disappeared.

Dictograph answered 29/4, 2022 at 15:46 Comment(0)

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags