Need a Step by Step guide to App Signing for Google Play

[dave_probertGA6e24]

Hi All,

I have read through ALL the lessons on signing for android, etc on the Lessons/Tutorials part of the RunRev site, and I have gone though the Android Release Notes, I have searched this forum (as best I can!) and am now stuck.

Can anyone give a step-by-step guide as to what to do with the 64-bit RSA Public Key that is generated by Google for each App (on the Google Play developer console) regarding using it for a Paid App that I would like to put in their store?

The RunRev lessons deal with Self-Signed apk's - whereas a paid app needs the google signing thingy (as far as I can tell).

I have the ~400 bytes of key text from google, but I have no idea what to do with it at the Livecode/Java end. Can anyone help? Please do not reference the lessons, as they do not cover the up-to-date state of Google Play for Paid Apps.

I would also guess that if there is a good, easy to read, and well written guide then it should probably be "sticky'd" at the top of the Android part of this forum - so that everyone can easily find it (hint, hint!)

I now understand why people develop for IOS - it's so very much simpler!!!

Cheers,
Dave

[jacque]

I submitted my app to the Play Store with a self-signed key. I also just updated it with the same key. It's a paid app.

I made it in Terminal and used it the way the lesson describes.

[dave_probertGA6e24]

Hi Jacqueline,

Thanks for that. I'll try it with my self-signed version.

I'm a bit worried about what happens regarding In-App purchases, etc - where the use of the 'Trust' of a Google signed cert is probably going to be required. How do we use the Google Key then? I don't know much about the keys/cert process (except the very basics of using the Apple keychain utility and the Java generator - both of which I use while following a guide!), so I saw no reference as to where to put the key content.

If I have any problems with the submission then I'll let you know.

Cheers,
Dave

[jacque]

I'm pretty sure that all Android apps are self-signed unless something has changed recently. I'm not even sure which RSA key you mean, but I believe Google gets that from your self-signed key in order to verify user downloads of your app. You don't need to deal with it yourself.

To use your self-signed key, assign the file path to your keystore file in the Android pane of Standalone Settings. Be sure to change the popdown menu to use your key (the default is to use no key for testing.) The standalone builder will incorporate that key during the build. While it's building, it will put up a dialog asking you to input your key name, and both security passwords. Then it incorporates those into the app and you're done. You don't need to do anything special other than remember the values you assigned to your key.

[dave_probertGA6e24]

Hi Jacqueline,

I think it changed recently.

On the Google Play store now, when you go to upload an APK you see this message:

Licence keys are now managed for each application individually
If your application uses licencing services (e.g. if your app is a paid app, or if it uses in-app billing or APK expansion files), get your new licence key on the Services & APIs page.

It's that Paid App part that worries me.

If you then go to the licensing section you get a 400-ish byte 'key' with the message:

Base64-encoded RSA public key to include in your binary.

I've been using a self-signed key for local testing on my Android devices - that is no problem. I just don't fully follow the Play store aspects and prefer to not make too many mistakes.

But I'm going to try uploading a self-signed APK and see what happens.

Thanks again,
Dave

[jacque]

I see. Terrific. Now I need to figure it out too. Let us know how it goes, okay?

It's odd that my update didn't warn me about that, I updated only 3 days ago. Maybe older apps are grandfathered in.