Can Android certificates get corrupted? I am unable to upload new Play Store App update

Question

I inherited an android app that was initially outsourced to an external developer, fixed stuff and I am now ready to send the new update to the play store. Then I found out that I need a specific signing key in order to update the app, which we got from the previous developer. So I generated a signed release apk using the key I got and tried to upload. Upon uploading, I get a pop-up with an error. see screenshot for details

We asked the developer if he was sure that was the key he used, and he swears he looked everywhere and its the only key he used. Although, I do think he might have changed the password for it..., not really sure.

Significant changes I introduced to the app is changing the package in manifest and creating product flavours which each their own package name(one of them got to keep the original package name from the play store).

Some things I noticed: When I got the app, the app manifest had an out-commented package name and a new one with our company's name in it. The original one had the name of the of the outsourcing company in place of the "example" of the "com.example.appname" bit, so they must have changed the package name when they created the release apk. I have no idea if any of this means anything because the package name is the same when I put it all in an apk... It's just that the store claims that the app was signed with a different certificate and the previous developer swears he used the same he sent to us.

Can anyone tell me if it's possible to do anything to make this work, or are we completely doomed and will have to upload a new app to the store?

Thanks for any help.

Update: Because people are asking about packagename, let me clarify. When I got the app, all the packagenames in the manifest was not the same as the one from Playstore... so i refactored the entire package app-wide to reflect the play-store package name... and then I introduced product flavours because we need a new app with different branding that is similar to the original one... so I ended with with a structure like this:

defaultConfig {
    applicationId "PlayStorePackagName"
}
productFlavors {
    brand1 {
        applicationId "PlayStorePackagName" //<- for original app
    }
    new_brand{
        applicationId "NewPlayStorePackagName" //<- for new app.
    }
}

In this case, it shouldn't matter what package name is in the manifest, should it?

Since you changed the package name, you will have to upload fresh APK with new package. Sorry. — rohitanand, Feb 10 '17 at 10:19
But I didnt change the package name.... Only internally... Does that matter? — Nikki Tune, Feb 10 '17 at 10:22
Your app is listed using your package name. Since you changed it, is treated as new application altogether. — rohitanand, Feb 10 '17 at 10:24
@Sourav But the package name in the manifest was wrong to begin with. its not the same as the one in the play store... So I changed the package name to reflect the one in the play store... and then I used productflavors to override the package name as I needed a lightly altered version for a different brand and new packagename: Basically I did something like this: `defaultConfig { applicationId "OriginalPlayStorePackagName" } productFlavors { brand1 { applicationId "OriginalPlayStorePackagName" } new_brand{ applicationId "NewPlayStorePackagName" } }` — Nikki Tune, Feb 10 '17 at 10:53
Did you wanted to use applicationIdSuffix? Can you check here? https://developer.android.com/studio/build/build-variants.html#flavor-dimensions — rohitanand, Feb 10 '17 at 11:05
No. I wanted to have one flavour be the original app with the original play store packagename... and the other to be a different app with a different packagename. — Nikki Tune, Feb 10 '17 at 11:29
If you check the documentation we use applicationIdSuffix I thik this is what you want. — rohitanand, Feb 10 '17 at 11:40

score 0 · Answer 1 · answered Feb 10 '17 at 10:23

From the docs:

When you're ready to make changes to your APK, make sure to update your app’s Version Code as well so that existing users will receive your update.

Use the following checklist to make sure your new APK is ready to update your existing users:

The Package Name of the updated APK needs to be the same as the current version.

The Version Code needs to be greater than that current version. Learn more about versioning your applications.

The updated APK needs to be signed with the same signature as the current version.

To verify that your APK is using the same certification as the previous version, you can run the following command on both APKs and compare the results:

$ jarsigner -verify -verbose -certs my_application.apk

If the results are identical, you’re using the same key and are ready to continue. If the results are different, you will need to re-sign the APK with the correct key.

You say that:

Significant changes I introduced to the app is changing the package in manifest

So this is the source of issue. You'll need to use the same package name.

But the androidmanifest package name was always "wrong"... as in.. it's not the same as the one in the playstore. So I changed the name in the manifest to reflect the one in the playstore and also set up productflavours to overwrite the package name: `defaultConfig { applicationId "originalPlayStorePackagName" } productFlavors { brand1 { applicationId "originalPlayStorePackagName" } new_brand{ applicationId "NewPlayStorePackagName" } }` ..... so is it not possible to overwrite th packagename? o.o — Nikki Tune, Feb 10 '17 at 10:31

score 0 · Accepted Answer · edited May 23 '17 at 11:45

You cannot change the package name nor the Certificate for the App for the Playstore! If you don't have the correct certificate you cannot submit your App as an update to the existing one.

Certificate checking

However you can check the information stored in your available Keystore and compare it with the current store apk. For Example:

jarsigner -verify -verbose -certs yourapp.apk

You can get more details with the keytool. See this Thread for more information.

Package name

You can check the correct package name for your app when Browsing to your App in the play store.

Example for Google Plus: https://play.google.com/store/apps/details?id=com.google.android.apps.plus

id=com.google.android.apps.plus is the package name in this case. This cannot be changed for your App

However this package name is defined by your applicationId within your App. Your structure of your app can have different package names. See here for more information.

This is probably the most correct answer. I honestly think that the key we got was either corrupt or the wrong one, because it doesn't make sense that the fingerprint would randomly change when i'm pretty sure I was using the right package name. I mean the whole point of the fingerprint is that it stays the same if you use the same configuration, no? Anyway we uploaded a new app instead. This time we baked up the key :) — Nikki Tune, Feb 16 '17 at 11:01

Can Android certificates get corrupted? I am unable to upload new Play Store App update

2 Answers2