7

I have a problem where the upgrade to my apk will not install due to the above message.

I have read posts on SO that say this message happens when the app is signed with a different release key.

example post on different keys

. In my logs as i try to upgrade the apk i get the following:

04-07 13:28:03.796 2072-2072/? W/InstallAppProgress: Replacing package:com.xxx.rr3

04-07 13:28:04.326 3675-3845/? W/PackageManager: verifying app can be installed or not

04-07 13:28:04.378 3675-3845/? W/PackageManager: Package com.xxx.rr3 signatures do not match the previously installed version; ignoring!

. The orginal app was has been in production for over 4 years and was written using Eclipse, which is installed on my old hard drive.

6 months ago my boss bought me an SSD drive and i installed Android Studio. I migrated the old project and it builds fine and it will install on to a device that doesn't have the previous version installed.

I copied the keystore from my old hard drive to my new SSD and I use it to sign the new version of the app in Android Studio. So i have only ever used the one same keystore, with the same passwords and alias.

Can anyone tell me why Android is saying my upgrade is signed with a different key?

[UPDATE1]

I have extracted the CERT.RSA for both old and new apk. They both use the same keystore and keys but i noticed i was using the wrong release alias. Below is the fingerprints for both apks the top one is the old one the bottom, the new one.

C:\OpenSSL-Win64\bin>keytool -printcert -file CERT.RSA
Owner: CN=matthew womersley, OU=dev, O=carefreegroup, L=wakefield, ST=west yorkshire
Issuer: CN=matthew womersley, OU=dev, O=carefreegroup, L=wakefield, ST=west yorkshire
Serial number: 6144ad2c
Valid from: Fri Jan 11 08:55:29 GMT 2013 until: Thu May 14 09:55:29 BST 3012
Certificate fingerprints:
         MD5:  50:63:5E:54:9D:D3:C4:71:A9:4E:3C:F4:27:9E:50:CA
         SHA1: 7C:2C:DB:7E:92:D2:01:46:43:8D:D2:B9:A4:D2:B0:F4:85:E7:16:D9
         SHA256: 38:64:89:4D:A2:37:72:AA:CE:90:5E:34:46:B9:D0:A4:CA:18:B7:07:7A:E2:DB:1D:7C:60:CD:70:F6:77:C5:FF
         Signature algorithm name: SHA256withRSA
         Version: 3

Extensions:

#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 3F 95 E8 FA 36 5B 26 07   33 72 8B 09 37 0C 18 C5  ?...6[&.3r..7...
0010: 3B 5A 19 42                                        ;Z.B
]
]


C:\OpenSSL-Win64\bin>keytool -list -keystore .keystore
keytool error: java.lang.Exception: Keystore file does not exist: .keystore

C:\OpenSSL-Win64\bin>keytool -printcert -file CERT.RSA
Owner: CN=matthew womersley, OU=dev, O=carefreegroup, L=wakefield, ST=west yorkshire
Issuer: CN=matthew womersley, OU=dev, O=carefreegroup, L=wakefield, ST=west yorkshire
Serial number: 6144ad2c
Valid from: Fri Jan 11 08:55:29 GMT 2013 until: Thu May 14 09:55:29 BST 3012
Certificate fingerprints:
         MD5:  50:63:5E:54:9D:D3:C4:71:A9:4E:3C:F4:27:9E:50:CA
         SHA1: 7C:2C:DB:7E:92:D2:01:46:43:8D:D2:B9:A4:D2:B0:F4:85:E7:16:D9
         SHA256: 38:64:89:4D:A2:37:72:AA:CE:90:5E:34:46:B9:D0:A4:CA:18:B7:07:7A:E2:DB:1D:7C:60:CD:70:F6:77:C5:FF
         Signature algorithm name: SHA256withRSA
         Version: 3

I specified the correct releasealias when clicking on 'Generate Signed Apk' but there is still an error albeit different.

The package conflicts with an existing package by the same name

. I have tried to build the new apk manually, using the following link:

link

C:\Users\mattheww\StudioProjects\nfcscanner3>gradlew assembleRelease
Downloading https://services.gradle.org/distributions/gradle-2.14.1-all.zip


Unzipping C:\Users\mattheww\.gradle\wrapper\dists\gradle-2.14.1-all\8bnwg5hd3w55iofp58khbp6yv\gradle-2.14.1-all.zip to C:\Users\mattheww\.gradle\wrapper\dists\gradle-2.14.1-all\8bnwg5hd3w55iofp58khbp6yv

FAILURE: Build failed with an exception.

* Where:
Build file 'C:\Users\mattheww\StudioProjects\nfcscanner3\app\build.gradle' line: 1

* What went wrong:
A problem occurred evaluating project ':app'.
> java.lang.UnsupportedClassVersionError: com/android/build/gradle/AppPlugin : Unsupported major.minor version 52.0

* Try:
Run with --stacktrace option to get the stack trace. Run with --info or --debug option to get more log output.

BUILD FAILED

Total time: 29.982 secs

.

If the keystore and fingerprints match on both apps, can anyone explain why the new app still will not upgrade?

[UPDATE 2]

I have just remembered that when i imported the Eclipse project into Android Studio, it would not build correctly. There was a problem with the Appication Object. My Appication Object is called NfcScannerApplication and i have a class implemented by the same name (which is also described in the manifest).

Once imported into Android Studio, built and pushed on to a device, Android said it could not find the Application class. so i used the following code which seemed to solve the problem.

public static NfcScannerApplication getRealApplication (Context applicationContext)
    {
        Log.e(TAG, "inside NfcScannerApplication getRealApplication");
        NfcScannerApplication application = null;

        if (applicationContext instanceof NfcScannerApplication)
        {
            application = (NfcScannerApplication) applicationContext;
        }
        else
        {
            Application realApplication = null;
            Field magicField = null;
            try
            {
                magicField = applicationContext.getClass().getDeclaredField("realApplication");
                magicField.setAccessible(true);
                realApplication = (Application) magicField.get(applicationContext);
            }
            catch (NoSuchFieldException e)
            {
                Log.e(TAG, e.getMessage());
            }
            catch (IllegalAccessException e)
            {
                Log.e(TAG, e.getMessage());
            }

            application = (NfcScannerApplication) realApplication;
        }

        return application;
    }



    // the above method is commented out and this is used
    //because the migration process from Eclipse to Android
    //needed it. see below
    //https://stackoverflow.com/questions/36495954/bootstrapapplication-cannot-be-cast-to-applicationclass

It uses reflection to get the Application class. Could this be the reason why even though i'm using the same keystore etc, Android thinks there is a different app on the device with the same name?

[UPDATE 3] I seem to have found the problem. :) I have a ContentProvider that gets the Application Context when the app is first loaded. I call getContext and cast it into my Application class.

What i do now is call getContext.getApplicationContext() and it works fine now. Below is the code i use now and the old code iscommented out above.

//old code
//Context context = getContext();
      //nfcAppObj = (NfcScannerApplication) getContext();


//new code
       Context applicationContext = getContext().getApplicationContext();
       nfcAppObj = getRealApplication(applicationContext);
Community
  • 1
  • 1
turtleboy
  • 7,612
  • 27
  • 93
  • 187
  • are you sure that keystore is correct? if you're sure i think shomehow your keystore is curropted. you can chek this link. http://stackoverflow.com/questions/13535424/android-keystore-stopped-working – savepopulation Apr 11 '17 at 08:24
  • @turtleboy Are you signing the build in release or debug mode in Android Studio? – Anurag Singh Apr 11 '17 at 13:06
  • @savepopulation Hi, i saved a copy of the original keystore on my server 5 years ago. Earlier today i downloaded that keystore and pointed Android Studio to it. Unfortunately i still get the same message. So i don't think my local copy of the keystore was corrupt. – turtleboy Apr 11 '17 at 13:38
  • @AnuragSingh Hi, i have specify a buildType of release in gradle. In nAndroid studio and click on Build->Generate Signed Apk. From here i specify the keystore and passwords. This generates my apk – turtleboy Apr 11 '17 at 13:42
  • @turtleboy its sign error you need to sign APK using APKSigner V2 you will find in this link http://stackoverflow.com/questions/42605171/android-signed-apk-showing-as-unsigned-apk-when-trying-to-upload-to-production/42622423#42622423 – Piyush Patel Apr 11 '17 at 13:50
  • Perhaps you already checked, but do you have anything different as applicationId in the gradle module? or anything different between gradle and the manifest you used in the eclipse – Juan Apr 18 '17 at 17:16
  • Another trivial check. Are you sure the installed apk, where you actually test and get the error message, is the old apk you checked the CERT on, and not a different version or a debug version? – Juan Apr 18 '17 at 18:25
  • @Juan I've updated my question. I awarded the bounty to you, but would you mind having a look at update 2? – turtleboy Apr 19 '17 at 14:50
  • @Juan I've updated the thread again. I have got it working now. Thanks for your suggetsions. :) – turtleboy Apr 19 '17 at 15:33
  • Great! Your are welcome. – Juan Apr 19 '17 at 15:41
  • @turtleboy I wonder, how the change in application logic could fix the installation problem? Can you comment a bit more on this? I have the same problem, but my app is generated by Cordova, so I have no control over java source code... – C-F Sep 30 '19 at 04:53

3 Answers3

0

Publish your signed apk to the play store in beta or alpha section if the play store refuse your apk that's mean your keystore is not the original key.

If play store accepted your apk then try to update your installed apk from play store.

If your app not listed on play store you can pull your previous apk from the device and compare both APKs signature SHA1

to get SHA1 of the apk How do I find out which keystore was used to sign an app?

Community
  • 1
  • 1
amorenew
  • 9,874
  • 8
  • 40
  • 64
  • Hi we do not use the Play Store because the apk has a dependency on the server application and some of our 300 customers could be on different versions of the server app. So i decided to host the apk on our private server so we have control which company's phones upgrade once they have had a server app upgrade. – turtleboy Apr 11 '17 at 13:35
  • pull the apk from the emulator then check both apks SHA1 – amorenew Apr 11 '17 at 13:37
0

Unless you do something special, when you click the "Play" button in Android Studio it will use a temporary, AS specific debug key to sign the app and then it will install it to your device.

Eclipse did something very similar.

If you're talking about using Android Studios "Generate Signed APK" then try the following debug steps:

  • Install the apk through adb manually, see if the error still occurs.
  • Sign the apk yourself through gradle, see if the error still occurs.

If both of these steps don't work, I think it's reasonably safe to assume you're not using the same key you were previously.

Graeme
  • 24,857
  • 23
  • 121
  • 182
0

If you have the old apk you can use this to get the details of the cert used to sign it. (Extract the CERT.RSA file from the apk -unziping it-, then running the openssl aplication on that file.)

unzip -p App.apk META-INF/CERT.RSA |openssl pkcs7 -inform DER -noout -print_certs -text

Then use keytool (that comes with java) to list the certificates from your key store, and see if you find a match, or if the certificate you think is the correct really matches.

For your reference:

Getting certificate details from an apk

How do I find out which keystore was used to sign an app?

Community
  • 1
  • 1
Juan
  • 5,291
  • 2
  • 13
  • 25