Search Unity

Android App Signing by Google

Discussion in 'Android' started by AgusB, May 18, 2017.

  1. Yury-Habets

    Yury-Habets

    Unity Technologies

    Joined:
    Nov 18, 2013
    Posts:
    1,148
    Definitely agree some things could've been easier. (now sure if XCode/Apple workflow is actually simpler ;) ) More specific suggestions are welcome.

    But please keep in mind that Unity supports vanilla Android and not only Google Play.
     
  2. Kurius

    Kurius

    Joined:
    Sep 29, 2013
    Posts:
    412
    Thanks. I thought Google Play demands a file of type "*.pepk". I didn't think Unity could produce a file of that type. That's why I used Android Studio, simply to produce the pepk file. Granted I'm using Unity 2017.4 not sure if that matters. Earlier I had tried uploading my "*.keystore" file to Google Play but it didn't like that. It wants a "*.pepk".
     
  3. AcidArrow

    AcidArrow

    Joined:
    May 20, 2010
    Posts:
    8,224
    Well, compared to building for Android, it's not simpler, but compared to actually building and delivering an app to Google Play I think the iOS workflow is much easier.
     
  4. Zahidylin_Marat

    Zahidylin_Marat

    Joined:
    Jul 28, 2012
    Posts:
    114
    Doesn't work.

    First i uploaded with old Keystone (generated in unity long time ago, 2-3 years ago). Then i created new Keystone in Unity 2019.1.8f1.
    In both cases (if i sign apk inside unity) i get error in Google play console:
    To upload an Android App Bundle you must be enrolled in App Signing by Google Play.

    When i try upload one of those Keystones directly to Google play console ( "Upload a key exported from Android Studio"), i get error:
    The private key was not properly encrypted or is not a type of key we support.
     
    WILEz1975 likes this.
  5. Kurius

    Kurius

    Joined:
    Sep 29, 2013
    Posts:
    412
    @Zahidylin_Marat look at the solution I posted near the bottom of the previous page of this thread.
     
  6. Zahidylin_Marat

    Zahidylin_Marat

    Joined:
    Jul 28, 2012
    Posts:
    114
    I have seen your solution. But as i understand it not best solution, because new unity Keystore is supported by google play:


    So i am wondering, why google dont accept unity 2019 Keystore. Is it unity bug, or google changer something again?
     
  7. Ogien

    Ogien

    Joined:
    Nov 21, 2012
    Posts:
    160
    OMG This is exactly what I was looking for, I don't know why Unity Support could not help us with this, the issue is not how to build your aab, the issue is how to upload the key you have been using for years generated by Unity 4 or whatever to Google Play. The Play console will not accept the the Unity generated key but the above workaround is so helpful. Thank you!
     
  8. sohail11330

    sohail11330

    Joined:
    Sep 26, 2015
    Posts:
    8
    so what I understand is that you have to export the project in android studio and follow the steps of kurius?
    there is no way unity create a key that helps in-app key signing
     
  9. Zahidylin_Marat

    Zahidylin_Marat

    Joined:
    Jul 28, 2012
    Posts:
    114

    Hello. Yury-Habets (from unity development team) say - unity key should work, but Google play rejects it.
     
  10. nikosurfing

    nikosurfing

    Joined:
    Mar 11, 2014
    Posts:
    45
    Hi, i don't get the "Generate Signed Bundle" on my android studio. And i tried the other method that using pepk tool. I get this error:

    Please someone help me
     
  11. sohail11330

    sohail11330

    Joined:
    Sep 26, 2015
    Posts:
    8
    i think your problem is there in the line --output=D:\
    you have to put the location of the folder where the .pem file will be saved.
    like this --output=D:\ the folder name you create in D\the file name.pem
     
  12. nikosurfing

    nikosurfing

    Joined:
    Mar 11, 2014
    Posts:
    45
    Thank you!! it works. I missed about file output in your post.
     
  13. sohail11330

    sohail11330

    Joined:
    Sep 26, 2015
    Posts:
    8
    well thats good but i also created the .pem file and upload it to goole play store and the file is rejected.
    how you upload the key to play store.
     
  14. nikosurfing

    nikosurfing

    Joined:
    Mar 11, 2014
    Posts:
    45
    Hi, sorry for late reply, i didn't get any notification. On release management>app signing. I choose no. 2 that using PEPK Tool and i using CMD to create "APP SIGNING PRIVATE KEY"., and i upload it. Just like that

    Once again thank you for helping me to understand how to use CMD about pepk usage. Hint on google play not really helpful
     
  15. sohail11330

    sohail11330

    Joined:
    Sep 26, 2015
    Posts:
    8
    I uploaded the android app bundle successfully but AAB is not really helpful for games.I thought it will reduce the size at least 5 to 10Mb.
    If you do not want to use android app bundle then just use the split apk option.yep "Split apk " do the exact same thing as android app bundle and you don not have to go through CMD process.
    "Split apk" option is available in unity 2018.4 and upward.
    Yep i am talking about "Split apk" not "Split binary".
     
  16. jag9980

    jag9980

    Joined:
    Jul 10, 2013
    Posts:
    4
    Top menu, choose Bundle -> Generate Signed Bundle
    Option is not there in the latest release, please help
     
    Guillaumzed likes this.
  17. monsterkane

    monsterkane

    Joined:
    Apr 10, 2016
    Posts:
    1
    can u make example ??
     
    WILEz1975 likes this.
  18. unit02

    unit02

    Joined:
    Sep 5, 2019
    Posts:
    1
    First off all thank you for your excellent support. I did all steps but nevertheless after I upload the aab file Google said that this is 32 bit again!

    I'm really tired really sick of these stupid rules of Google!!!
     
    TimothyGates and WILEz1975 like this.
  19. sohail11330

    sohail11330

    Joined:
    Sep 26, 2015
    Posts:
    8
    Step 5 is for 64 bit.
    if you already done that then i think its android studio who did this.

    There is no need to go to android studio.Do not waste time.
     
  20. WILEz1975

    WILEz1975

    Joined:
    Mar 23, 2013
    Posts:
    351
    Hi, thank you all for the explanations.
    One thing is not clear to me.
    In my project I only have the .keystore file and I can't find the private_key.pepk file to send to sign in on the Google console.


    Without passing this step I cannot send the aab file.

    Where can I find pepk file?
    Is it generated only by Adroid Studio?
    Does Unity also produce the pepk file?
    Does it do so only at the first creation of a new keystore?

    Sorry for bad english ;)
     
    Last edited: Sep 9, 2019
  21. sohail11330

    sohail11330

    Joined:
    Sep 26, 2015
    Posts:
    8
    if you are using android studio then go for export keystore from android studio.
    if you are using unity then go for 2nd option export from java keysotre.
    when you click on it then it will give you option to download .pepk file and the encryption id.
    open the command prompt give link to .pepk file and export the file which will be in .pem.
    upload this .pem file to here on in app signing and all is done.
     
    WILEz1975 likes this.
  22. WILEz1975

    WILEz1975

    Joined:
    Mar 23, 2013
    Posts:
    351
    Thanks, I solved it!

    I had to create a new app on the store (never mind, it was the first upload).
    It seems that the pepk data is in the keystore, as soon as the new version has been uploaded the signin page has been opened automatically.
    Now I have another problem. Which is a bit off-topic.
    "One or more of the auto-generated multi-APKs exceeds the maximum allowed size of 150 MB".
    Because they also have limits (150Mb). I knew the limit was 500Mb. o_O
     
  23. andyz

    andyz

    Joined:
    Jan 5, 2010
    Posts:
    1,778
    This whole thing is a time waster, but option 2 and command line creation of a .pem key seems easiest in the end. Though it does not make it clear the output path has to include path\keyname.pem!
    Unity could at least pass on an explanation when we generate .aabs to save us all some time but it is Google being complicated in the end!
     
  24. DR_BIZMAN

    DR_BIZMAN

    Joined:
    Oct 10, 2019
    Posts:
    1
  25. TimothyGates

    TimothyGates

    Joined:
    Jan 31, 2019
    Posts:
    19
    so am i
     
  26. TimothyGates

    TimothyGates

    Joined:
    Jan 31, 2019
    Posts:
    19
    the problem is when you do that, google says the key is not supported. it just going round in circle with it, it getting ready to walk away it all now.
     
  27. JuliusM

    JuliusM

    Unity Technologies

    Joined:
    Apr 17, 2013
    Posts:
    770
    What version of Unity do you use? The problem when the key generated with Unity was not accepted by Google Play was fixed a long time ago. Make sure you are using the latest available Unity version from the release cycle that you use.
     
  28. TimothyGates

    TimothyGates

    Joined:
    Jan 31, 2019
    Posts:
    19
    I was using unity unity 2018.3. I switched to unity 2019.1 and rebuilt my game, I built it up as an app bundle and it went onto google play a few days ago, so far it is still there and I hve even had 1 download up to now.
     
  29. GorillaOne

    GorillaOne

    Joined:
    Jul 2, 2013
    Posts:
    8
    So there seems to be a further issue here - if you allow Google to generate a signing key the process for uploading seems to be this.

    1) Unity signs your bundle with what Google recognizes as the "Uploading Signature". This lets google know the uploaded bundle is coming from an authorized source.
    2) Google strips that signature off, and signs it with the private key it has for your app that you never get to lay hands on.
    3) Google deploys the app.

    However, this causes one massive issue - you can't test IAP on debug side loaded versions built by Unity, because in order to do so you must have a matching signature to the published version on Google Play. And because you never get your hands on that private key, you can't do so. Your Unity built bundle will always only have the upload signature. So you can't sideload a debug build over a release build installed via google play and test IAP or other google features that way.

    Has anyone else had success with this? It's becoming a real pain to upload and test IAP without debug builds, and I'm not sure if there is a way around this while using the Google Play's automatic signing, and obviously there is no way back now either.
     
  30. sohail11330

    sohail11330

    Joined:
    Sep 26, 2015
    Posts:
    8
    Check this video if you are following all steps correctly but still getting errors.
     
    quizcanners likes this.
  31. quizcanners

    quizcanners

    Joined:
    Feb 6, 2015
    Posts:
    103
    The video above helped me.
    But putting the .inc at the end of Alias caused an error, it worked when I removed it.
    And if you have spaces in your path, put brackets "D:\Your Folder\Keys\you.keystore".

    Sidenote: I've put everything in one folder (perk.jar, me.keystore) and the output location was also there. The video makes it look a bit extreme.

    And I should mention that Google now wants you to Build App Bundle(Google Play) to include 32 and 64 bit versions. The later translates to adding both ARMv7 and ARM64 Target architectures in ProjectSettings->Player->OtherSettings. But the only way to add ARM64 is to switch to IL2CPP.

    If you did the last one (IL2CPP), you may get errors like me. It is because of [DllImport()].
    In my case I just removed them, but you need to do something to properly include them. There is something about it on the forum.
     
    Last edited: Feb 22, 2020
    bedorlan and JuliusM like this.
  32. Jumeuan

    Jumeuan

    Joined:
    Mar 14, 2017
    Posts:
    30
    @Kurius : Thank you! It work like a charm!
     
  33. giantkilleroverunity3d

    giantkilleroverunity3d

    Joined:
    Feb 28, 2014
    Posts:
    281
    I keep getting version bundle snags. Do I need to recreate the keystore everytime I build an apk or is the keystore used as me in google? In other words: new keystore each new apk or build or is this my developer id?
    I also had this work before by just bumping the bundle version number up one and leaving the unity build at #1. Now Goog is barking at me.
    So it looks like the Unity keystore creation might be the problem here?
     
    Last edited: Apr 19, 2020
  34. giantkilleroverunity3d

    giantkilleroverunity3d

    Joined:
    Feb 28, 2014
    Posts:
    281
    I forgot the password in the keystore drop down selection.
    Everything is now working.
     
  35. aliboukaroui23

    aliboukaroui23

    Joined:
    Jul 19, 2019
    Posts:
    13
    FOR MAC USERS. WRITE THIS
     
  36. valentin-simian

    valentin-simian

    Joined:
    Nov 16, 2012
    Posts:
    29
    PEPK tool throws errors at me:


    Code (CSharp):
    1. Enter password for store 'private_key.pepk':
    2. Error: Unable to export or encrypt the private key
    3. java.io.IOException: Invalid keystore format
    4.         at java.base/sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:669)
    5.         at java.base/sun.security.util.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:220)
    6.         at java.base/java.security.KeyStore.load(KeyStore.java:1472)
    7.         at com.google.wireless.android.vending.developer.signing.tools.extern.export.KeystoreHelper.loadKeystore(KeystoreHelper.java:53)
    8.         at com.google.wireless.android.vending.developer.signing.tools.extern.export.KeystoreHelper.getKeystore(KeystoreHelper.java:39)
    9.         at com.google.wireless.android.vending.developer.signing.tools.extern.export.ExportEncryptedPrivateKeyTool.run(ExportEncryptedPrivateKeyTool.java:145)
    10.         at com.google.wireless.android.vending.developer.signing.tools.extern.export.ExportEncryptedPrivateKeyTool.main(ExportEncryptedPrivateKeyTool.java:110)
    11.  
    keystore generated via Unity's Keystore Manager, all the alias and password are correct.
     
  37. WBlackX

    WBlackX

    Joined:
    Nov 11, 2014
    Posts:
    6
    Hi everyone, Google changed something again, and there is no longer an option to use the key generated in Android studio, so the previous signature instruction does not work.

    This video contains relevant detailed instructions that worked for me today:


    Off-topic:
    I walked to the next boss:
    "Download failed.
    Before posting an APK file or Android App Bundle to Google Play, turn off debugging."
     
    robdil likes this.
  38. alan-lawrance

    alan-lawrance

    Joined:
    Feb 1, 2013
    Posts:
    300
    Is it possible to for Google Play Store to manage App Signing with app bundles made with Unity 2018.4?

    I created a keystore through Unity and built an .aab with it. But after uploading the .aab to the Google Play Store, there is an error saying the aab is not signed.

    I am using the (recommended) method for Google Play Store managing the signing, is there some other steps needed?

    The video in the previous post shows a bunch of steps... is that really needed?

    EDIT: And I'm not sure it's even possible to undo automatic signing without creating a new android application. I've been unable to find a way to go back to the signing options once you've opted into automatic signing.

    EDIT 2: Couldn't find a way to reconcile automatic signing with a keystore created Unity Side. So created a new application, followed the steps in the video in the previous post but still get error saying application is not signed. I've re-done the keystore creation steps on the Unity side with the same results.

    There are very good reasons to go with an app bundle vs APK, so I really want to figure this out. If something is broken on the Unity side (2018.4.23f1), need to know so I'm not spinning my wheels here.
     
    Last edited: Jul 16, 2020
  39. shihab37

    shihab37

    Joined:
    Jul 7, 2015
    Posts:
    22
    We are struggling with this too as we often need to side load a debug build over a release build to test that saved user data is properly updated during the update process but seems like updating an app installed from google play is not possible via side loading.

    How do you guys manage testing an update? Is uploading to Internal or Alpha release channels the only way?
     
  40. dixiehenry

    dixiehenry

    Joined:
    Aug 25, 2020
    Posts:
    4
    I'm having trouble singing from google. a new fmwhatsapp apk version was updated at TechBigs on my phone and it cannot login anymore.
     
    Last edited: Sep 23, 2020
  41. glaksmono

    glaksmono

    Joined:
    Nov 19, 2020
    Posts:
    21
    Screen Shot 2020-12-02 at 15.21.39.png

    How do you configure this when you're using Google KeyStore for the App Signing?

    I don't have the "key password"
     
  42. LesBloom

    LesBloom

    Joined:
    Feb 2, 2017
    Posts:
    120
    If, like me, you came here because you are having issues with long iteration time while testing Google Play Games Services code ....

    My issue involved:

    - Google Play Console controls my app signing key
    - Unity's keystore is applied to my Unity builds
    - Therefore I can't test Google Play Games Services code without fully uploading and publishing my builds through the Google Play Console

    This thread is how I finally got that fixed.

    https://github.com/playgameservices/play-games-plugin-for-unity/issues/2981
     
  43. Zahidylin_Marat

    Zahidylin_Marat

    Joined:
    Jul 28, 2012
    Posts:
    114
  44. johanhelsing_attensi

    johanhelsing_attensi

    Joined:
    Mar 24, 2020
    Posts:
    7
    I finally got it working with an app bundle and upload key and without involving android studio. Wrote a post on stackoverflow about it, as I feel these forum threads sometimes get really lengthy and/or dated.

    https://stackoverflow.com/questions...gle-play-using-play-app-sig/67019611#67019611

    The really hard thing for me was understanding which option to pick in google play, and how to get unity to use the upload key as the one generated by following the google docs is not usable by unity.
     
    Garen_ likes this.
  45. muhammadhassan3

    muhammadhassan3

    Joined:
    Nov 13, 2019
    Posts:
    2
    Hi i am facing problem in this i am using unity 2019.4.29f1 to build .aab file but getting sha key error when publishing it to play store any help
    i also tried command prompt and pepk.jar file technique but getting error no mai manifest found path of pepk.jar file
     
unityunity