We already have an Android app deployed under Play. Is it possible to change the current keystore? Reason: currently we have a development team and this team will be discarded within 1 year. I would like to know if it is possible to get the 'current one' without asking them (we are owners of the app - I have an admin account in Play), replace this 'current one' and publish a new version of the app, but using the same package, same name. We intend users not to download a new version, but to have it automatically updated.
Yes it's possible.
If you are using App Signing by Google Play, you are supposed to sign your bundle/apk with an Upload keystore, which you can update by contacting developer support from your account owner. In the detailed guideline it says:
If you’ve lost your private upload key, or it’s been compromised, you can create a new one, and then ask your account owner to contact support to reset the key. When contacting support, make sure your account owner attaches the upload_certificate.pem file.
On the other hand, if you are not using App Signing by Google Play, it means you are managing the Signing key yourself. In this case you still have the chance to upgrade the signing key only once in the whole lifetime of the app. Users with the previous key will be able to use and update the app with the legacy signing key and the new users will be enabled with the upgraded key. Here is what is quoted in the reference:
In some circumstances, you can request an app signing key upgrade. Your new key is used to sign new installs and app updates. Your legacy app signing key is still used to sign updates for users who installed your app before the key upgrade.
Each app can only have its app signing key upgraded once in its lifetime. In the unlikely event that you have multiple apps using the same signing key specifically to run in the same process, you won’t be able to use key upgrade for those apps.
Details are explained here
I'm afraid that it's impossible. You should read more here: Google App Signing:
Instead of using Google Play App Signing, you can choose to manage your own app signing key and keystore. If you choose to manage your own app signing key and keystore, you are responsible for securing the key and the keystore. You should choose a strong password for your keystore, and a separate strong password for each private key stored in the keystore. You must keep your keystore in a safe and secure place. If you lose access to your app signing key or your key is compromised, Google cannot retrieve the app signing key for you, and you will not be able to release new versions of your app to users as updates to the original app.
To avoid losing your keystore, the best way is using Google Play App Signing:
If you lose your keystore or think it may be compromised, Google Play App Signing makes it possible to request a reset to your upload key. If you're not enrolled in Google Play App Signing and lose your keystore, you'll need to publish a new app with a new package name.
You can now request a new upload keystore without contacting support.
- Play Store Console → All Apps → [[ Your App ]]
- Setup (tab in sidebar) → App Integrity → App Signing → Request upload key reset
- Fill in the form and select the public certificate of your keystore (.pem file)
Way to get the public key (.pem file)
- Create a new upload keystore (if you have not already) (docs)
keytool -genkeypair -alias upload -keyalg RSA -keysize 2048 -validity 9125 -keystore keystore.jks
- Generate its public certificate (pem file) (docs)
keytool -export -rfc -alias upload -file upload_certificate.pem -keystore keystore.jks
Screenshots of where to find the "Request upload key reset" form:
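A check to run on upload_certificate.pem before attaching it to the reset form, added here as an example and not part of the original answers: it confirms the file holds exactly one certificate and no private key, and returns fingerprints in the colon-separated form that `keytool -list -v` prints, so they can be compared against the new keystore. The function names and the sample PEM data (placeholder bytes, not a real certificate) are constructed for illustration.

```python
import base64
import hashlib
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL)


def read_upload_certificate(pem_text):
    """Return the DER bytes of the single CERTIFICATE block in pem_text."""
    blocks = PEM_BLOCK.findall(pem_text)
    labels = [label for label, _ in blocks]
    # A private key must never leave the keystore, let alone reach a web form.
    if any("PRIVATE KEY" in label for label in labels):
        raise ValueError("file contains a private key; export the certificate only")
    if labels != ["CERTIFICATE"]:
        raise ValueError(f"expected exactly one CERTIFICATE block, found {labels}")
    return base64.b64decode("".join(blocks[0][1].split()), validate=True)


def fingerprint(der, algorithm="sha256"):
    """Colon-separated upper-case hex digest of the DER certificate."""
    digest = hashlib.new(algorithm, der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def to_pem(label, der):
    """Wrap raw bytes in PEM armour (used only to build the samples below)."""
    body = base64.encodebytes(der).decode("ascii")
    return f"-----BEGIN {label}-----\n{body}-----END {label}-----\n"


# Constructed placeholder bytes standing in for a DER certificate and a key.
SAMPLE_DER = bytes(range(48)) * 4
SAMPLE_CERT_PEM = to_pem("CERTIFICATE", SAMPLE_DER)
SAMPLE_KEY_PEM = to_pem("PRIVATE KEY", b"\x00" * 32)

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="ascii") as handle:
            text = handle.read()
    else:
        text = SAMPLE_CERT_PEM
    der = read_upload_certificate(text)
    print("SHA-256:", fingerprint(der))
    print("SHA-1:  ", fingerprint(der, "sha1"))
```

Run it with the path to upload_certificate.pem as the only argument; with no argument it processes the constructed sample.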