Use Play App Signing

With Play App Signing, Google manages and protects your app's signing key for you and uses it to sign optimized distribution APKs that are generated from your app bundles. Play App Signing stores your app signing key on Google’s secure infrastructure and offers upgrade options to increase security.
 

To use Play App Signing, you need to be an account owner or a user with the Release to production, exclude devices, and use Play App Signing permission, and you need to accept the Play App Signing Terms of Service.

How it works

When you use Play App Signing, your keys are stored on the same secure infrastructure that Google uses to store its own keys. Keys are protected by Google’s Key Management Service. If you want to learn more about Google’s infrastructure, read the Google Cloud Security Whitepaper.

Android apps are signed with a private key. To ensure that app updates are trustworthy, every private key has an associated public certificate that devices and services use to verify that the app update is from the same source. Devices only accept an update when its signature matches the installed app’s signature. Letting Google manage your app signing key makes this process more secure.

Note: For apps created before August 2021, you can still upload an APK and manage your own keys instead of using Play App Signing and publishing with an Android App Bundle. However, if you lose your keystore or it becomes compromised, you won’t be able to update your app without publishing a new app with a new package name. For these apps, Play recommends using Play App Signing and switching to app bundles.

Set up and manage Play App Signing

If your app isn't yet using Play App Signing, follow the instructions below.

Step 1: Create an upload key

  1. Following these instructions, create an upload key.
  2. Sign your app bundle with the upload key.

Step 2: Prepare your release

  1. Follow the instructions to prepare and roll out your release.
  2. After you select a release track, the “App integrity” section displays the status of Play App Signing for your app.
  3. To proceed with a Google-generated app signing key, upload your app bundle. Alternatively, you can select Change app signing key to access the following options:
    • Use a Google-generated app signing key: More than 90% of new apps use Google-generated app signing keys. Using a Google-generated key protects against loss or compromise (the key is not downloadable). If you choose this option, you can download distribution APKs from the App bundle explorer signed with the Google-generated key for other distribution channels, or use a different key for them.
    • Use a different app signing key: Choosing the app signing key allows you to use the same key as another app in your developer account or keep a local copy of your app signing key for increased flexibility. For example, you might already have a key decided because your app is pre-installed on some devices. Having a copy of your key outside Google’s servers increases risk if the local copy is ever compromised. You have the following options for how to use a different key:
      • Use the same app signing key as another app in this developer account
      • Export and upload a key from Java keystore
      • Export and upload a key (not using Java keystore)
      • Opt out of Play App Signing (you should only choose this option if you plan to upgrade your app signing key to enroll into Play App Signing).
  4. Complete the remaining instructions to prepare and roll out your release.

Note: You need to accept the Terms of Service and opt in to app signing to continue.

Step 3: Register your app signing key with API providers

If your app uses any APIs, you usually need to register your app signing key with them for authentication purposes using the fingerprint of the certificate. Here’s where to find the certificate:

  1. Open Play Console and go to the Play App Signing page (Test and release > Setup > App signing).
    • Tip: You can also access this page via the App integrity page (Test and release > App integrity), which contains integrity and signing services that help you ensure that users experience your apps and games in the way you intend.
  2. Scroll to the “App signing key certificate” section and copy the fingerprints (MD5, SHA-1, and SHA-256) of your app signing certificate.
    • If the API provider requires a different type of fingerprint, you can also download the original certificate in .der format and convert it using the transformation tools that the API provider requires.

Create an upload key and update keystores

For increased security, signing your app with a new upload key, instead of your app signing key, is recommended.

You can create an upload key when you opt in to Play App Signing, or you can create an upload key later by visiting the Play App Signing page (Test and release > Setup > App signing).

Here’s how to create an upload key:

  1. Follow the instructions on the Android Developers site. Store your key in a safe place.
  2. Export the certificate for the upload key to PEM format. Replace the following underlined arguments:
    • $ keytool -export -rfc -keystore upload-keystore.jks -alias upload -file upload_certificate.pem
  3. When prompted during the release process, upload the certificate to register it with Google.

When you use an upload key:

  • Your upload key is only registered with Google to authenticate the identity of the app creator.
  • Your signature is removed from any uploaded APKs before they’re sent to users.

Upgrade your app signing key

This section contains instructions relating to upgrading your app signing key. If you lost your upload key, you do not need to request a key upgrade; refer instead to the Lost or compromised upload key? section at the bottom of this page.

In some circumstances, you can request an app signing key upgrade.

Here are a couple of reasons to request an app signing key upgrade:

  • You need a cryptographically stronger key.
  • Your app signing key has been compromised.

Important: Key upgrades are only supported for apps that use app bundles.

Before requesting a key upgrade in Play Console, read the Important considerations before requesting a key upgrade section below. You can then expand the other sections below to learn more about requesting a key upgrade.

Best practices

  • If you also distribute your app outside of Google Play or plan to later and want to use the same signing key, you have two options: 
    • Either let Google generate the key (recommended) and then download a signed, universal APK from the App bundle explorer to distribute outside of Google Play.
    • Or you can generate the app signing key you want to use for all app stores, and then transfer a copy of it to Google when you configure Play App Signing.
  • To protect your account, turn on 2-Step Verification for accounts with access to Play Console.
  • After publishing an app bundle to a release track, you can visit the App bundle explorer to access installable APKs that Google generates from your app bundle. You can:
    • Copy and share an internal app sharing link that allows you to test, in a single tap, what Google Play would install from your app bundle on different devices.
    • Download a signed, universal APK. This single APK is signed with the app signing key that Google holds and is installable on any device that your app supports.
    • Download a ZIP archive with all of the APKs for a specific device. These APKs are signed with the app signing key that Google holds. You can install the APKs in the ZIP archive on a device using the adb install-multiple *.apk command.
  • For increased security, generate a new upload key that’s different from your app signing key.
  • If you're using any Google API, you may want to register the upload key and app signing key certificates in the Google Cloud Console for your app.
  • If you're using Android App Links, make sure to update keys in the corresponding Digital Asset Links JSON file on your website.
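The fingerprint registration in Step 3 and the Digital Asset Links check above can both be scripted. The following is an added example, not code from Google or this page: it derives the MD5, SHA-1 and SHA-256 fingerprints from a certificate in .der or PEM form and checks whether an assetlinks.json document lists the app signing key. The package name, the base64 variant and the sample bytes are assumptions constructed for illustration.

```python
import base64
import hashlib
import json
import re

PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def cert_der(data: bytes) -> bytes:
    """Accept the .der download or a PEM export (keytool -rfc); return DER bytes."""
    m = PEM_RE.search(data)
    return base64.b64decode(b"".join(m.group(1).split())) if m else data

def fingerprints(data: bytes) -> dict:
    """A certificate fingerprint is a digest of its DER encoding."""
    der = cert_der(data)
    digests = {n: hashlib.new(a, der).digest()
               for n, a in (("MD5", "md5"), ("SHA-1", "sha1"), ("SHA-256", "sha256"))}
    out = {n: ":".join(f"{b:02X}" for b in d) for n, d in digests.items()}
    # Assumption: a provider that wants base64 of the SHA-1 digest instead of hex.
    out["SHA-1 base64"] = base64.b64encode(digests["SHA-1"]).decode()
    return out

def assetlinks_lists(doc: str, package: str, sha256_fp: str) -> bool:
    """True if an android_app statement for `package` lists this SHA-256 fingerprint."""
    for stmt in json.loads(doc):
        t = stmt.get("target", {})
        if t.get("namespace") == "android_app" and t.get("package_name") == package:
            if sha256_fp.upper() in {f.upper() for f in t.get("sha256_cert_fingerprints", [])}:
                return True
    return False

# Constructed stand-in bytes, not real certificates: hashing works on any DER input.
APP_SIGNING_DER = b"constructed stand-in: app signing certificate"
UPLOAD_DER = b"constructed stand-in: upload certificate"
APP_SIGNING_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(APP_SIGNING_DER)
                   + b"-----END CERTIFICATE-----\n")

def demo():
    app_fp = fingerprints(APP_SIGNING_PEM)["SHA-256"]
    upload_fp = fingerprints(UPLOAD_DER)["SHA-256"]
    # Constructed assetlinks.json that lists only the upload key (hypothetical package name).
    doc = json.dumps([{"relation": ["delegate_permission/common.handle_all_urls"],
                       "target": {"namespace": "android_app", "package_name": "com.example.app",
                                  "sha256_cert_fingerprints": [upload_fp]}}])
    return assetlinks_lists(doc, "com.example.app", app_fp), assetlinks_lists(doc, "com.example.app", upload_fp)

if __name__ == "__main__":
    print(fingerprints(APP_SIGNING_PEM))
    print("app signing key listed, upload key listed:", demo())
```

The demo returns (False, True): a site file that lists only the upload key does not cover the app signing key that Google Play uses to sign the APKs delivered to users.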

Lost or compromised upload key?

If you’ve lost your private upload key or it’s been compromised, you can create a new one. Your developer account owner can then initiate a key reset in Play Console.

After our support team registers the new upload key, the account owner and global admins will receive an Inbox message and email with further information. You can then update your keystores and register your key with API providers.

The account owner can also cancel the reset request in Play Console.

Important: Resetting your upload key doesn’t affect the app signing key that Google Play uses to re-sign APKs before delivering them to users.

APK Signature Scheme v4

Android 11 and above devices support the new APK signature scheme v4. Play App Signing uses v4 signing for eligible apps in order to make it possible for them to access optimized distribution features available on newer devices. No developer action is required and no user impact from v4 signing is expected.
