Search Unity

  1. Calling all beginners! Join the FPS Beginners Mods Challenge until December 13.
    Dismiss Notice
  2. It's Cyber Week at the Asset Store!
    Dismiss Notice

Android App Signing by Google

Discussion in 'Android' started by AgusB, May 18, 2017.

  1. AgusB

    AgusB

    Joined:
    Jun 20, 2013
    Posts:
    65
  2. lindsaytalbot

    lindsaytalbot

    Joined:
    Sep 11, 2015
    Posts:
    28
    I would also like to know how this works. We can't risk testing this with our live product until we know more as it's non-reversible process
     
  3. SaltwaterAssemnly

    SaltwaterAssemnly

    Joined:
    Mar 8, 2016
    Posts:
    82
    Any news on this?
     
  4. robdil

    robdil

    Joined:
    Nov 12, 2013
    Posts:
    6
    Any news? I did opt-in thinking it would simplify things and instead it completely messed up my working pipeline: now I am only publishing on iOS and alternative android stores... :oops:!
     
  5. Yury-Habets

    Yury-Habets

    Unity Technologies

    Joined:
    Nov 18, 2013
    Posts:
    1,072
  6. Suduckgames

    Suduckgames

    Joined:
    Nov 28, 2016
    Posts:
    151
    I just upload a new apk with this feature enable for alpha testing to google play, At first the only problem that I found was that I was still singing with the key on Unity, I just erase my signing data on unity, build it again and it worked

    P.D: My keystore was already created by android studio
     
  7. Cascho01

    Cascho01

    Joined:
    Mar 19, 2010
    Posts:
    1,129
    Hey,

    I signed in to Google Play App Signing to Alpha-Test my Android App (my first entry for the Playstore) and ran into serious problems:

    The first uploaded version worked fine.
    Current uploads also get accepted by Google, but after Download the app does not start anymore.

    It must be an issue with my signing keys.
    As far as I remember I did not get an uploadkey from google and so I still sign my apk with the keys set up in unity.

    The best part is, when I hit Build&Run in Unity the apk gets build but the app does not start on the phone anymore.

    Any help is very welcomed.

    Thanks
    Carsten
     
  8. Yury-Habets

    Yury-Habets

    Unity Technologies

    Joined:
    Nov 18, 2013
    Posts:
    1,072
    @Cascho01 the logcat in both cases would be helpful.
     
  9. BrainAndBrain

    BrainAndBrain

    Joined:
    Nov 27, 2014
    Posts:
    100
    I'm also wondering about this. It seems that in order to generate the upload key, I need to use an Android Studio project. Is this something that can be done without generating the project?
     
  10. reedny

    reedny

    Joined:
    Mar 4, 2017
    Posts:
    56
    I created an upload key with keytool from JDK (no Android studio needed), and that has worked fine so far (dev builds and app working in play store):
    Code (CSharp):
    1. jdk1.8.0_111\bin\keytool -genkey -v -keystore spinpaint_upload.keystore -storepass <your password> -alias <your key alias> -keyalg RSA -keysize 2048 -validity 10000 -dname "C=<country>, ST=<state>, L=<city>, O=<organization>, OU=<org unit>, CN=<you>"
    2.  
    Modify anything above in <> as needed.

    I always use the upload key in Unity to sign APKs. The only thing is when you install your app from the Play Store you need to uninstall it first on the phone since the store APK will have a different signing key that Google keeps safe.
     
  11. BrainAndBrain

    BrainAndBrain

    Joined:
    Nov 27, 2014
    Posts:
    100
    Thanks for the info!
     
  12. Entertaiment-channel

    Entertaiment-channel

    Joined:
    Mar 4, 2015
    Posts:
    4
    any one can create youtube tutorial for this
    Enroll your app in Google Play App Signing
    coz i a bit confuse how to enroll it
     
  13. Steven-1

    Steven-1

    Joined:
    Sep 11, 2010
    Posts:
    310
    I take it that means it does work correctly together then?
    You can use the key created with Unity (and signed in Unity) with "Google Play App Signing"?
    (which was what the original poster was asking I think)

    I've never released a game on android / ios, and a such I'm not familiar with all that app signing stuff. I'm doing my best in trying to understand it all.
     
    Entertaiment-channel likes this.
  14. mrbtuts

    mrbtuts

    Joined:
    Dec 24, 2017
    Posts:
    1
    Never mind @Steven-1. Like @Yury-Habets said what OP asked in this thread is unrelated to how build process of Unity works so the thread should be basically closed.
     
  15. 3DGamesDeveloper

    3DGamesDeveloper

    Joined:
    Jan 16, 2016
    Posts:
    9
    yes , It works with Unity signing process. I published an application (alpha) with unity, and Google Play App Signing activated.

    P.S. If you're enrolled in Google Play App Signing, you can reset your upload key if:
    • You lost your private key, or
    • Your private key has been compromised
    (you create a support ticket and prove that's it's actually you).
     
    Last edited: Jan 3, 2018
  16. Yury-Habets

    Yury-Habets

    Unity Technologies

    Joined:
    Nov 18, 2013
    Posts:
    1,072
    Most likely, so I linked the thread which claimed keys generated in the Unity Editor were incompatible. The fix for that is in latest alpha version, and will likely land into few of the earlier versions.
     
  17. incenseman

    incenseman

    Joined:
    Nov 20, 2012
    Posts:
    84
    https://support.google.com/googleplay/android-developer/answer/7384423

    Step 2: Prepare your release
    Prerequisite: If you're a Play Console account owner, you can opt in to Google Play App Signing. You'll need to accept the Terms of Service once per developer account. Once you've accepted the terms, you can enroll individual apps into the program.

    Go to your Play Console.
    Select an app.
    On the left menu, select Release management > App releases.
    Next to "Google Play App Signing," select Accept.

    The menu options in the directions above simply do not exist in the console.
    Because of this the process comes to an abrupt halt for people that have never done it.
    If someone that has done it could post step by step directions, using menu options that do exist, that would help tremendously.

    This is a screenie of the google play console menu. Please note that there is no option for "Release management". At this point the process simply cannot be completed.

    A step by step would help people get past this point.


    If you click on "app signing" you get the same menu.

    "Release management" is not an any of the menus.
    1. Next to "Google Play App Signing," there is no Accept option.
    I have sent this information to the google support team outlining the things mentioned above.
     
    Last edited: Jan 18, 2018
  18. reedny

    reedny

    Joined:
    Mar 4, 2017
    Posts:
    56
    What I remember is that the items with the triangle/! next to them need to be finished before you can move on. Try each of those to see if there is missing information that you can enter.
     
  19. incenseman

    incenseman

    Joined:
    Nov 20, 2012
    Posts:
    84
    I am trying to get all of that stuff finished but need to know how to use the google upload key to digitally sign my game first.
    I used the chat option and talked to a support person for google and they could not help.
    They said that they will have a "specialist" email me on monday.
    This process just seems to be broken.
     
  20. incenseman

    incenseman

    Joined:
    Nov 20, 2012
    Posts:
    84
    I have been doing some reading and it seems that there have been some changes to UI of the google developer site.
    There are a lot of people having the same issues that I am.
    Check out the comments for googles video for the new UI.
     
  21. incenseman

    incenseman

    Joined:
    Nov 20, 2012
    Posts:
    84
    Again people have dropped he conversation.
    Even google support gives sketchy unusable information.
    I think there are a lot of people that sign their games manually.
    If that is the case they should not be giving support for doing it automatically.
    That is very confusing and provides no real support.
     
  22. incenseman

    incenseman

    Joined:
    Nov 20, 2012
    Posts:
    84
    I finally figured out how to sign my game and got it uploaded to my google developer account.
    It says that all the requirements have been met.
    The entire process had nothing to do with google or android studio.
    I have no idea why people in google support and in the unity forums would not just tell me how it is done.
    Even if it is on the forums somewhere, after all my searching, I could not find it.
    During the weeks of fighting and struggling and getting nowhere, no one even mentioned the following.

    File>Build Settings>Player Settings>
    Under "Player Settings" click the "Publishing Settings" tab.
    "Create New Keystore" - Check it.
    "Browse Keystore" - Click it.
    "Alias" - select "Create a new key" on the dropdown.
    In the new window that appears - enter password and confirm password.
    "Alias" - select the new key that is now there on the dropdown.
    Back to "Build Settings" - build game with the android platform selected.
    Game now signed.

    Game can now be uploaded to google developer account.
     
    Last edited: Feb 1, 2018
  23. erwinumali

    erwinumali

    Joined:
    Jan 24, 2015
    Posts:
    1
    Thanks a lot incenseman, your explicit instructions helped me a lot, and also helped me wrap my head around the point of Google's app signing. They simply want you to use a new key that you haven't used on prior signed APK uploads before.

    This is done so that losing the upload key won't mean the end of the world for your app entry -- normally, losing the original signing key means you can never upload a new version of the app again. With Google's new signing scheme, you can ask them for help if you lose the original upload key.

    I know this sounds obvious to those who understand how the process works, but I've only understood its fundamental now. And it worked without a problem on Unity 2017.1.

    upload_2018-3-15_6-49-0.png
     
    robdil and Yury-Habets like this.
  24. robdil

    robdil

    Joined:
    Nov 12, 2013
    Posts:
    6
    thanks a lot incenseman and erwinumali for your helpful posts. So am I correct now in saying that, if you opted-in for Google automatic signing, the process is:

    1. generate new key (with JDK keytool)
    2. upload generated key to dev console
    3. build *UNSIGNED* apk in Unity
    4. upload game to dev console for automatic signing

    This would actually make sense :)
     
    ESludden likes this.
  25. Yury-Habets

    Yury-Habets

    Unity Technologies

    Joined:
    Nov 18, 2013
    Posts:
    1,072
    I think the process is to generate the key with Unity, in "Publishing" section of the Player Settings. It becomes the "Upload Key".
    And you have to sign your APKs with this key and upload it to the Play console, where it gets re-signed by Google.

    Please correct me if I'm wrong.
     
    robdil likes this.
  26. avvie

    avvie

    Joined:
    Jan 26, 2014
    Posts:
    72
    After a couple of days I managed to make login work because of this change, since the last time I made a game that required play services.
    What i figured out and I really hope that somebody has a solution to this, is that you need to upload every apk to test your code, and receive it through the play store.
    That is because your upload signing key is not what is expected by google. Since google will replace it with the app signing key.
    Is there a way to make iterating on device faster?

    EDIT:
    Turns out that you put the signing key of your upload certificate in the cloud consolse and it will work, as long as you have accepted the tester invitation
     
    Last edited: Apr 2, 2018
  27. username132323232

    username132323232

    Joined:
    Dec 9, 2014
    Posts:
    439
    Sorry if I'm missing something, but where does the upload key generated by Google's pepk.jar tool come in? Or are your instructions applicable only to new apps? If so, does anyone know how to update an existing app?
     
  28. ESludden

    ESludden

    Joined:
    Aug 27, 2012
    Posts:
    11
    Updated to 2018.2 and now I get an error when I try to upload my app to the Google Play Store. Previously I was able to upload the apk and upload subsequent versions, without having to stipulate an upload key anywhere. I assumed that the upload key was being held by Google, since I enrolled in 'google play app signing' program. Is this related to a UNity update, I'm not sure. My error looks like this: (I am definitely not in development build mode)

    Upload failed
    You uploaded an APK or Android App Bundle that was signed in debug mode. You need to sign your APK or Android App Bundle in release mode. Find out more about signing.
     
    McGravity likes this.
  29. PedroGarcia90

    PedroGarcia90

    Joined:
    Aug 23, 2017
    Posts:
    1
    I'm having the same issue Esludden.
     
  30. ESludden

    ESludden

    Joined:
    Aug 27, 2012
    Posts:
    11
    Thanks Pedro, I've made a bug report.
     
  31. SniperED007

    SniperED007

    Joined:
    Sep 29, 2013
    Posts:
    138
    Esludden same issue, do you have a bug number we can upvote?
     
  32. ESludden

    ESludden

    Joined:
    Aug 27, 2012
    Posts:
    11
    Last edited: Aug 5, 2018
  33. procureeminence

    procureeminence

    Joined:
    May 8, 2018
    Posts:
    1
    I'm having the same issue as well.
     
  34. ESludden

    ESludden

    Joined:
    Aug 27, 2012
    Posts:
    11
    I received help from google support. They have suggested manually generating an upload key, even though this seemed to be handled automatically before. I copied the following instructions from their email -

    To generate and register a new upload key:
    1. Follow the instructions in the Android Studio Help Center to generate a new key. It must be different from any previous keys. Alternatively, you can use the following command line to generate a new key:
    keytool -genkeypair -alias upload -keyalg RSA -keysize 2048 -validity 9125 -keystore keystore.jks
    • This key must be a 2048 bit RSA key and have 25-year validity.
    1. Export the certificate for that key to PEM format:
    keytool -export -rfc -alias upload -file upload_certificate.pem -keystore keystore.jks

    Finally, you will need to contact Google Support and send them the .pem file generated by keytool. (Once they have the .pem file your keystore manual signing should work, expect to have to wait 24 hours).

    If you need help with the command line stuff, this is a youtube video explaining how to get Keytool set up with the Windows command shell.
     
    username132323232 likes this.
  35. Yury-Habets

    Yury-Habets

    Unity Technologies

    Joined:
    Nov 18, 2013
    Posts:
    1,072
    Creating a key in Unity should work as well as a signing key. If it doesn't - please submit a bug report.
     
  36. ESludden

    ESludden

    Joined:
    Aug 27, 2012
    Posts:
    11
    Users should remember to register their new upload key with Google Support, or apk will be rejected. Registration took about 24 hours.
     
  37. Yury-Habets

    Yury-Habets

    Unity Technologies

    Joined:
    Nov 18, 2013
    Posts:
    1,072
    Right, so your "upload key" is the intermediate one, and the actual signing happens on the Play store side.
    I meant - you can generate the upload key in Unity; no need to use keytool or anything else. Of course, then you have to register it at Play, and sign your app with it.
     
    ESludden likes this.
  38. Suduckgames

    Suduckgames

    Joined:
    Nov 28, 2016
    Posts:
    151
    I am also having problems with the certificate. in 2017.4.6f1. I think that Google Play changed something

    I was able to send my apk to the automatic signing system without any keystore specified on unity ( So I guess it was debug, but not sure)

    but now I am having the same error as ESludden.

    I think that as we uploaded previous version of the apk with the automatic system, they generate (or use the default that unity was using) the "Upload key" (That now you can download) But Google play didn't check if the apk was on debug sign before resign, and now they check it.
     
  39. Suduckgames

    Suduckgames

    Joined:
    Nov 28, 2016
    Posts:
    151
    Confirmed I checked the SHA -1 of the last apk that I uploaded and the SHA -1 of the new apk and both use the android debug certificate. The upload key SHA -1 is the debug in my case and since now Google play checks if the Upload key is on debug. We are not able to upload the apk.

    So the only way to solve the problem is as ESluden suggest. change the upload key with a new one
     
  40. MetalDonut

    MetalDonut

    Joined:
    Feb 7, 2016
    Posts:
    55
    How do you register your upload key with Google support?? I just created a key in Unity and Google Console accepted the APK and says I'm ready to publish. But this sounds like it might be rejected if I don't do this step first. I'm just not sure on how to do it. Thanks
     
  41. ESludden

    ESludden

    Joined:
    Aug 27, 2012
    Posts:
    11
    I just sent google support an email with the generated .pem file that I created, and asked them to register it at their end. It took about a day to get a reply and after that I had no issues uploading my apk. Hope that helps.
     
  42. MetalDonut

    MetalDonut

    Joined:
    Feb 7, 2016
    Posts:
    55
    Thanks. I asked Google the same question and they just told me to check the certificate section in Google Console that has MD5 certificate fingerprint, SHA-1 certificate fingerprint and SHA-256 certificate fingerprint and compare that to what I have in Unity. But I'm not sure where I would find this information in Unity as it only creates a Keystore file which I can't open (presumedly because it's encrypted)? Am I missing something?
     
  43. ESludden

    ESludden

    Joined:
    Aug 27, 2012
    Posts:
    11
    What happens if you just try to upload your apk to the Play Store? Perhaps post a part of the error message here.
     
  44. MetalDonut

    MetalDonut

    Joined:
    Feb 7, 2016
    Posts:
    55
    I actually found out how to find the certificates. Basically it revolves around using keytool and terminal. Oddly it only shows the certificate fingerprints for SHA1 and SHA256 but nothing for MD5. I've seen old issues for this in forums but nothing recently and specific to Unity. I've asked Google for some advice on how I can also obtain MD5. If they have a solution I'll post here for others.

    Also, my APK uploads fine to google console. I haven't tried publishing to Google Play yet as my understanding is that it will get rejected if the certificates don't match. So, I'm trying to check they're correct first.
     
  45. unity_K6RE9Byo6N7pFg

    unity_K6RE9Byo6N7pFg

    Joined:
    Feb 4, 2019
    Posts:
    13
    The only problem now is that I have to maintain the keystore file somewhere safe rather than have it in the Google' server.
    In a medium-sized company is not so easy to find someone to give this responsibility.
     
  46. JuliusM

    JuliusM

    Unity Technologies

    Joined:
    Apr 17, 2013
    Posts:
    394
    You might have misunderstood what the feature is all about. Just like before, when the only way was to sign the app yourself, you had to keep your signing key safe. With Google's signing service the signing key can be handled by Google, but you must still have an upload key and handle it yourself. All safety requirements are the same. The only difference is that in the latter case if your upload key got compromised or you lost it, you should be able to replace it and to continue to update your app, so it's more forgiving, but it still means you have to keep your upload keystore somewhere safe.
    What your quoted message says is that it is possible to generate an upload keystore / key in Unity so you can easily use Google's signing service if you want to. There are no issues in Unity that would prevent you from using Google's signing service. But as I've said before, you should still keep your upload keystore / key safe.
     
  47. areavisuale

    areavisuale

    Joined:
    Jul 23, 2015
    Posts:
    44
    I'm finding problem to create Android App Bundle from my Unity project. My project was signed time ago with a unity generated keystore. Now Google needs another type of key (i think PEPK), and I don't know how to convert it. Can anyone help me?

    I found that I can obtain a key exporting my project to android studio.
    When I try to build the app bundle from Android Studio it says that my project doesn't have the Gradle Plugin, but i cannot find the way to exporting using gradle in Unity.
    I'm using Unity 2019.1 and there isn't the "build system" option in build settings
     
    Last edited: Apr 30, 2019
  48. Kurius

    Kurius

    Joined:
    Sep 29, 2013
    Posts:
    412
    This thread is a top search result from Google, so I'm posting here what worked for me after countless hours of trying. The following includes the nuances to properly creating an Android Bundle file from Unity and also properly doing App Signing in the Google Play Store...

    The reason we need to make Android Bundles and do App Signing is because Android Pie (API 28+) has 64bit support for compatible devices.

    Now you need to supply both a 32bit and 64bit version of your game when you upload to Google Play Store.

    Unity 2017.4.x and greater allow a single export (“App Bundle”) to export to the store, at which time the store parses out a 32bit and 64bit versions from the bundle.

    First you need to update your Android SDK API version to 28 or greater.
    Also update your Android "build tools" to the latest version
    Finally update your Android NDK to version 13 or greater.

    To export a bundle from Unity…
    1. File -> Build Settings
    2. Don’t go to the Player Settings just yet, stay in the Build Settings that has your Scenes in Build listed etc.
    3. Set “Build System” to Gradle
    4. A new “Build App Bundle” checkbox appears which you should check
    5. Now go to Player Settings
      1. Scripting Backend choose “IL2CPP”
      2. Target Architectures choose all of them
        1. Especially choose ARM64
    6. Click Build
    7. It will create a “.aab” file in addition to an “.apk” file with the same name
    8. Note this makes builds take longer, don't create bundles if you're just troubleshooting your game during development
    9. Before you can upload the AAB file to the store, you need to do app signing as follows…
    To do Google Play app signing...
    1. First you need to encrypt your existing keystore that you already used in Unity
      1. In Unity
        1. File -> Build Settings -> check Export -> Build
      2. In Android Studio
        1. Open that exported Unity project within Android Studio
        2. Top menu, choose Bundle -> Generate Signed Bundle -> Android App Bundle -> Next
        3. Key store path
          1. Locate the existing keystore your Unity project used
          2. Fill in rest of fields
          3. Check box for Export encrypted key
          4. Specify any path you want for this export to be saved to
          5. Click Next
          6. Choose Release
          7. Click Finish
          8. If asked for Java JDK path, copy paste it from Unity -> Preferences -> External Tools -> JDK
          9. If error regarding JDK path
            1. Go back to Step #2 (Generate Signed Bundle) and try everything again, and this time it won’t ask you for the JDK path and it won’t error out
          10. Look for the successfully exported file called “private_key.pepk”
    2. Upload your private_key.pepk to Google Play
      1. Go to play.google.com/apps/publish
      2. Navigate to your game
      3. Release Management -> App Signing
      4. Click 1st radio button “Upload a key exported from Android Studio”
      5. Click “App Signing Private Key” button
        1. Choose your private_key.pepk file
        2. Click Finish
      6. You now see the App Signing screen
    3. Now upload your Unity “.aab” file to the Google Play store
    4. That's it, you now have a properly signed game that supports both 32bit and 64bit and is compatible with Android Pie OS!
     
  49. edsludden

    edsludden

    Joined:
    Nov 6, 2018
    Posts:
    4
    Can't help but feel Unity or Google could do something to make this a lot easier. Building to Mac was a breeze compared to this. I'm all for democratization of game development, but the complexity of terms and process would seem to preclude that. Maybe some kind of Android version of XCode? An app that has a sole purpose, rather than a suite of tools and a library of new terms and concepts. Looking at you, Google Play Store. Make us a 'launch' button.
     
    DanjelRicci likes this.
  50. Yury-Habets

    Yury-Habets

    Unity Technologies

    Joined:
    Nov 18, 2013
    Posts:
    1,072
    @Kurius thank you for sharing your experience.

    Few points I'd like to highlight:
    1. The NDK version must be exactly the one needed for the version of Unity you are using, "r13 or later" won't really work. IIRC it's r13b for Unity 2017.4, r16b for 2018.4, and r19 for 2019.3.
    2. As for the signing, you should be able to sign your AAB in Unity with the key without having to export and build in Android Studio. If it doesn't work for you, please let us know.