Solved: You uploaded an apk that is not signed with the upload certificate aka How to sign an android apk before uploading to Google Playstore
If you are here, then most likely you have not done this before, or you did but have forgotten. Don’t feel bad, we have all been there at some point.
So, straight to why you are here: I believe you already have an unsigned .apk file. Next step: open up your command prompt — I am using a Mac, so it is called a terminal.
Next you need to use keytool, which should already be on your system if you have Android Studio installed. It is a simple key generator, and you run it by typing the command below:
keytool -genkey -v -keystore my-release-key.keystore -alias alias_name -keyalg RSA -keysize 2048 -validity 10000
You only need to change “my-release-key” and “alias_name”. For example, I want to call my key “ekocab” and give my alias the same name (ekocab), so the above command becomes
keytool -genkey -v -keystore ekocab.keystore -alias ekocab -keyalg RSA -keysize 2048 -validity 10000
The validity is how long the RSA key will remain valid, in days (10000 translates to 27 years); you can change that as it suits you. Once you hit enter you will be prompted with questions that you should answer.
First is a password. Please keep this safe, as you won't be able to use the key again if you can't remember it — imagine having an app with over 500K downloads and not being able to update it ever again — (Yes, it happened to me, and after several years of Playstore asking me to update certain things on the app, it was taken down.)
After filling in the prompts, a summary will be displayed. Accept it by typing “yes” and hitting the enter/return key. The key will be stored in the directory you are currently in. (Usually I do this in my app directory so I have it in my version control.) Keep the key and the password you used safe, as without either of them you won't be able to make updates to the app once it is on the Playstore.
Now that you have your key, it is time to sign the .apk file. (What I do is copy the keystore file to the location of the unsigned .apk file — it serves as a backup just in case and also makes my next steps easier.)
Now open your terminal/command prompt (and cd to the location of your unsigned apk) and type the command
jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore my-release-key.keystore app-release-unsigned.apk alias_name
Remember to replace “my-release-key” and “alias_name” with the ones used during the key generation. Also, if your apk is named something other than “app-release-unsigned.apk”, don't forget to change that too. For our ekocab keystore example, the command above will look like so
jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore ekocab.keystore HelloWorld-release-unsigned.apk ekocab
You are almost done. We need to optimise our signed apk using a tool called zipalign. Without this step, you won't be able to upload the app to the Playstore. It's quite simple. First find out whether you have zipalign on your system by typing the command below in your terminal
which zipalign
On a Mac it is located at
~/Library/Android/sdk/build-tools/VERSION/zipalign
where “VERSION” is the version of your Android SDK. Now, to generate the apk you will upload, run the command
zipalign -v 4 app-release-unsigned.apk app-name-release.apk
Remember to change “app-name-release” to the name you want the apk to be given. In our example it is ekocab, so the command will look like so
zipalign -v 4 app-release-unsigned.apk ekocab.apk
And that is it. You can now upload the signed apk to the Google Playstore and there will be no problems.
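To confirm before uploading that the apk really carries the certificate held in your keystore (the mismatch the error in the title complains about), the script below compares the SHA-256 fingerprints that keytool reports for the keystore alias and for the signed apk. It is an added example, not part of the original post; the function names and the script name check-apk.sh are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: check that an APK is signed with the key stored in a keystore
# by comparing the SHA-256 certificate fingerprints printed by keytool.

# Read keytool output on stdin and print the first "SHA256:" fingerprint,
# normalised to upper-case hex with colons and spaces removed.
extract_sha256() {
    sed -n 's/^[[:space:]]*SHA256:[[:space:]]*//p' | head -n 1 |
        tr -d ': \r' | tr 'abcdef' 'ABCDEF'
}

# Succeed only when both fingerprints are non-empty and identical.
# An empty value means keytool printed no certificate (e.g. unsigned APK).
same_cert() {
    [ -n "$1" ] && [ "$1" = "$2" ]
}

# Usage: check_apk KEYSTORE ALIAS APK
# keytool asks for the keystore password when it reads the keystore.
check_apk() {
    ks_fp=$(keytool -list -v -keystore "$1" -alias "$2" | extract_sha256)
    apk_fp=$(keytool -printcert -jarfile "$3" | extract_sha256)
    echo "keystore: ${ks_fp:-<none>}"
    echo "apk:      ${apk_fp:-<none>}"
    if same_cert "$ks_fp" "$apk_fp"; then
        echo "OK: APK is signed with alias '$2'"
    else
        echo "MISMATCH: APK is not signed with this key" >&2
        return 1
    fi
}

# Run only when called with the three arguments, for example:
#   sh check-apk.sh ekocab.keystore ekocab ekocab.apk
if [ "$#" -eq 3 ]; then
    check_apk "$@"
fi
```

A MISMATCH result means the apk was signed with a different key, or not signed at all, and would be rejected in the same way as in the title.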
Why don't we have some fun? If you used this as a guide, leave your app's appstore URL in the comments section and let us discover our apps together — you never know.