{"id":277,"date":"2018-09-19T15:02:16","date_gmt":"2018-09-19T23:02:16","guid":{"rendered":"http:\/\/gmrgames.com\/blog\/?p=277"},"modified":"2022-08-10T23:16:07","modified_gmt":"2022-08-11T06:16:07","slug":"how-i-learned-about-google-play-app-signing-keys","status":"publish","type":"post","link":"https:\/\/rose.dev\/blog\/2018\/09\/19\/how-i-learned-about-google-play-app-signing-keys\/","title":{"rendered":"Be careful with app signing keys"},"content":{"rendered":"\n<p>Recently, I received an email from Google Play services. &#8220;Your app has been removed from the Google Play Store for a policy violation&#8221;, or something like that. <em>How odd, <\/em>I thought. <em>I don&#8217;t remember doing anything against their terms of service.<\/em> The email revealed that I didn&#8217;t have a valid privacy policy inside the app or on the store listing.<\/p>\n\n\n\n<p><em>Oh.<\/em> <em>Right. <\/em><a rel=\"noopener\" href=\"https:\/\/eugdpr.org\/\" target=\"_blank\">The whole GDPR <\/a>thing. It was time to write some privacy policies. After doing so, I began the process of digging up old files to old apps to make the necessary changes to the code. After about 2 hours of reinstalling Android Studio (my hard drive was wiped as some readers may remember), I began the process of exporting the app from Unity to an .APK.<\/p>\n\n\n\n<p>Eventually, I was able to upload the finished .APK to Google&#8217;s servers. However, the Play Console threw an error at me; &#8220;The signatures do not match&#8221;. <em>Wait, what? <\/em>It&#8217;d been too long since I&#8217;d actually done this process. I googled the error to remind myself and broke out into a cold sweat.<\/p>\n\n\n\n<p>Apparently, you generate a .keystore file upon first creating an Android app to sign the application with. It prevents people from uploading versions that aren&#8217;t originally from you, in the event that a developer&#8217;s account got hacked or something. There was no way to recover said .keystore file if you didn&#8217;t have it anymore, meaning there was no way to <a rel=\"noopener\" href=\"https:\/\/stackoverflow.com\/questions\/4459719\/android-i-lost-my-android-key-store-what-should-i-do\" target=\"_blank\">update my app. Ever.<\/a> A full, in-depth system scan revealed no .keystore files. Luckily, with the two brain cells that were still functioning, I managed to remember that the other day I had deleted the app-which-I-was-updating&#8217;s Android version off my hard drive, because there was no real difference between the iOS and Android version, and I thought it was redundant. Perhaps it was in there?<\/p>\n\n\n\n<p>I checked my Recycle Bin and breathed a sigh of relief. I hadn&#8217;t emptied it. It was still there. Opening the folder, the first thing I saw was a &#8220;user.keystore&#8221; file at the very bottom of the file list. A quick test confirmed that was the one. <em>Phew.<\/em><\/p>\n\n\n\n<p>Apparently those things are important. Don&#8217;t lose &#8217;em, kids.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p><a href=\"https:\/\/www.youtube.com\/watch?v=seKaU-qQuts\" target=\"_blank\" rel=\"noopener\">HEY, LISTEN!<\/a> It&#8217;d be really cool if you checked out the app <a href=\"https:\/\/play.google.com\/store\/apps\/details?id=com.gmr.hopper\">here on the play store<\/a>, since it just got updated. \ud83d\ude09<\/p>\n<hr>\r\nIt helps me if you share this post\r\n<br\/>\r\n<br\/>\r\nPublished 2018-09-19 15:02:16 ","protected":false},"excerpt":{"rendered":"<p>Recently, I received an email from Google Play services. &#8220;Your app has been removed from the Google Play Store for a policy violation&#8221;, or something like that. How odd, I thought. I don&#8217;t remember doing anything against their terms of service. The email revealed that I didn&#8217;t have a valid privacy policy inside the app &hellip; <a href=\"https:\/\/rose.dev\/blog\/2018\/09\/19\/how-i-learned-about-google-play-app-signing-keys\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">Be careful with app signing keys<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"footnotes":""},"categories":[835,921,832,833],"tags":[13,1132,1134,1133],"class_list":["post-277","post","type-post","status-publish","format-standard","hentry","category-misc","category-random","category-software","category-technology","tag-google","tag-play","tag-signing","tag-store"],"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/rose.dev\/blog\/wp-json\/wp\/v2\/posts\/277","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/rose.dev\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/rose.dev\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/rose.dev\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/rose.dev\/blog\/wp-json\/wp\/v2\/comments?post=277"}],"version-history":[{"count":4,"href":"https:\/\/rose.dev\/blog\/wp-json\/wp\/v2\/posts\/277\/revisions"}],"predecessor-version":[{"id":2479,"href":"https:\/\/rose.dev\/blog\/wp-json\/wp\/v2\/posts\/277\/revisions\/2479"}],"wp:attachment":[{"href":"https:\/\/rose.dev\/blog\/wp-json\/wp\/v2\/media?parent=277"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/rose.dev\/blog\/wp-json\/wp\/v2\/categories?post=277"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/rose.dev\/blog\/wp-json\/wp\/v2\/tags?post=277"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}