Application signature (key issues)

Post reply
0 favourites
From the Asset Store
Random Maze Gen. with Door & Key
$10 USD
Random Maze Generator with Door & Key System - tutorial capx
luckyrawatlucky's avatar
luckyrawatlucky

  • Just for the heads up google are going to change to this.

    Starting in August 2021, new apps will need to:

    Publish with the Android App Bundle format.

    Use Play Asset Delivery or Play Feature Delivery to deliver assets or features that exceed download size of 150MB. Expansion files (OBBs) will no longer be supported for new apps.

    Target API level 30 (Android 11) or above and adjust for behavioral changes.

    Starting in November 2021, app updates will be required to target API level 30 or above and adjust for behavioral changes in Android 11. Existing apps that are not receiving updates are unaffected and can continue to be downloaded from the Play Store.

    The switch to Android App Bundle delivery will also impact instant experiences using the legacy Instant app ZIP format. From August 2021, new instant experiences and updates to existing instant experiences will be required to publish instant-enabled app bundles.

    https://developer.android.com/distribute/best-practices/develop/target-sdk

    As far as I can see it only applies to new apps only, For now

  • I did a signed release build in Construct and ran the following command on it:

    .\apksigner.bat verify --verbose .\test-signed.apk

    It produced the following output:

    > Verifies

    > Verified using v1 scheme (JAR signing): true

    > Verified using v2 scheme (APK Signature Scheme v2): true

    > Verified using v3 scheme (APK Signature Scheme v3): false

    > Verified using v4 scheme (APK Signature Scheme v4): false

    > Verified for SourceStamp: false

    > Number of signers: 1

    The line "Verified using v2 scheme (APK Signature Scheme v2): true" appears to indicate the APK is already signed with the APK Signature Scheme v2.

    So I don't know why the Play Store would show an error. Perhaps if you are using your own key it is that key which does not support the v2 scheme? It seems to be valid if you use Construct to both create the key and sign with it. The build server uses apksigner, which is the official Android build tool for signing APKs, and according to the documentation, it appears to automatically detect the signing schemes to use, and according to my test it appears to indeed be correctly adding the v2 scheme. Maybe you could run a similar apksigner command to identify the schemes being added to your own APKs.

    If I speculate, perhaps the v2 scheme can only be added if you use the same password for the keystore and the key - after all, the official keytool program no longer supports different passwords (hence the headache about having separate passwords last year), so maybe the v2 scheme doesn't support different passwords either. 🤷‍♂️

    Android APK Signing Tool (APK Signer)

    https://workupload.com/file/6zMGTZbZ

    Here you go, this is the application that many people used to sign applications with.

    Now the key that was created with it must be used in the Construct 3 system.

    And signing the application in Construct 3 using the old key (what was created at the beginning outside of Construct 3) which is associated with the Google Play market gives an error.

    Is it possible to somehow expand the signing functionality in order to experiment with the activation checkboxes with v1 v2 v3 and so on?

    I understand that you can talk about this forever, but how exactly to solve this issue.

    Study the ANDROID SDK? Well, you can, well, you have to study)))

  • Ashley, could any of your programmers, or yourself, do a short step-by-step tutorial for us on how to sign an application using the Android SDK?

    That is, signing an application that was compiled in Construct 3 is possible as an android project or an unsigned APK file.

    +

    Guys, do you agree that a lesson on signing an application using Android Studio will be just right for us?)

    Would you support this idea that the developers and the Construct 3 system can do such a step-by-step forum tutorial for us?

  • Try Construct 3

    Develop games in your browser. Powerful, performant & highly capable.

    Try Now Construct 3 users don't see these ads

  • I personally really really want, I personally support and would like to get step by step instructions on how to sign applications using the Android SDK.

    I think this is very reliable, I think that everyone understands how important this is, given the upcoming changes, this is very important.

    Just like me and other people, there are applications in the Google Play market, and we are aware of the upcoming changes and increased requirements for applications when publishing and signing them.

  • Just for the heads up google are going to change to this.

    Starting in August 2021, new apps will need to:

    Publish with the Android App Bundle format.

    Use Play Asset Delivery or Play Feature Delivery to deliver assets or features that exceed download size of 150MB. Expansion files (OBBs) will no longer be supported for new apps.

    Target API level 30 (Android 11) or above and adjust for behavioral changes.

    Starting in November 2021, app updates will be required to target API level 30 or above and adjust for behavioral changes in Android 11. Existing apps that are not receiving updates are unaffected and can continue to be downloaded from the Play Store.

    The switch to Android App Bundle delivery will also impact instant experiences using the legacy Instant app ZIP format. From August 2021, new instant experiences and updates to existing instant experiences will be required to publish instant-enabled app bundles.

    https://developer.android.com/distribute/best-practices/develop/target-sdk

    As far as I can see it only applies to new apps only, For now

    Yes, and this is inevitable, but we need to find an urgent solution to this issue.

    Thank you for the information that will greatly help those who did not yet know what lies ahead in the future and those who know and help working on solving this issue.

    Will you yourself support the initiative to create step-by-step instructions here on the forum?

    Best regards, thank you)

  • I don't see much that we can do here: the APK signing tool is the official one by Google, we didn't make it, and the build server just runs that. If you use a third-party tool, we can't support that - any issues will need to be taken up with the respective developer. (As with addons, this is another reason why you should choose third-party tools carefully and make sure they are actively supported and maintained in case they cause any problems.)

    For general advice on building and signing Android apps, you can refer to Google's official documentation, such as Sign your app. You can also export Android Studio projects from Construct and continue to do building and signing with Android Studio, which Google's official guides also cover.

  • Dear friends, a solution has been found!

    It turns out that for the beginning you generally need to understand what tools are intended for what, to study the structure of work and functions.

    That is, just to study the relationships of objects.

    https://www.construct.net/en/tutorials/manually-signing-android-apps-29

    I used: 1) PowerShell 2) Android SDK (More precisely, their insides.) 3) keytool (commands and how the command is written) 4) zipalign

    First you need to understand how to write the commands themselves correctly, I personally did not know some small nuances from the beginning.

    The best way to understand the solution is to study the documentation without being lazy))

Post reply
Return to board index
Jump to:
Active Users
There are 1 visitors browsing this topic (0 users and 1 guests)