android flutter google-play google-play-console release-management

Does Manage Signing Key by Google override settings in signingConfigs?


I followed the directions here to release my Flutter app. Specifically, I created my own key.jks file and referenced it appropriately from the signingConfigs section in build.gradle. When I uploaded my app to the Play Console, I was given the option to 'Manage Signing Key by Google,' and chose this option. Does this:

  • override the signing done by signingConfigs?
  • if I lose the local key.jks file and use a new key.jks, will my app still function properly since I'm letting Google manage key signing? If the user upgrades, will Android treat this as a new app install?

Solution

  • Re "overriding the signing"

    It depends how you enrolled in Play Signing (i.e. "Manage signing key by Google").

    By default, when you enroll a new app in Play Signing, Play generates a new signing key which it will sign all APKs of your apps with. In that sense, it "overrides" the signature of the APKs you upload to Play Console, yes. In the "App Signing" page of the Play Console, you can find the certificate associated with that key (and its MD5, SHA1, SHA256) in case you need to provide it to some APIs for those APIs to work.

    In that scenario, the key you signed the APK with is called the "upload key": it is used only for Play to authenticate that the artifact was signed by you. What your end users get is the APK that is re-signed with the "app signing" key (that Google generated).

    There is also an advanced option for new apps when you first enroll where you can supply the key that Play signs the APK with. In this case, Play will sign the APKs it serves to users with the key you supplied.

    For "existing" apps (i.e. apps that have uploaded APKs before enrolling into Play Signing) to enroll in Play Signing, there is no choice but to supply the key currently used to sign APKs (since users must always receive an APK signed with the same key).

    A lot of it is explained in this documentation: https://support.google.com/googleplay/android-developer/answer/7384423

  • Re: if you lose the local key.jks

    If you're already enrolled in Play Signing and you lose your keystore, then there will be no impact for your users. You will have to ask Google to reset your upload keystore (after proving your identity) so you can continue uploading APKs or App Bundles, but Play will still hold the key that it uses to sign the APKs served to your users, so there will be no change for your users and they'll see updates as usual.
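
The upload key versus app signing key distinction described in the answer can be checked on real artifacts by comparing certificate fingerprints. The following is an added example, not part of the original answer: it parses the text printed by `apksigner verify --print-certs` and reports which role each signer certificate has. The function names, the sample output and all fingerprint values are constructed for illustration; it assumes the `Signer #N certificate SHA-256 digest:` line format and fingerprints copied in the colon-separated form shown on the Play Console "App Signing" page.

```python
import re

# Assumed line format of `apksigner verify --print-certs <apk>` output.
DIGEST_RE = re.compile(
    r"^Signer #\d+ certificate SHA-256 digest: ([0-9a-fA-F]{64})\s*$", re.M)

def normalize(fingerprint):
    """Turn a Play Console style 'AB:CD:...' fingerprint into lowercase hex."""
    hexed = fingerprint.replace(":", "").replace(" ", "").lower()
    if not re.fullmatch(r"[0-9a-f]{64}", hexed):
        raise ValueError("not a SHA-256 certificate fingerprint")
    return hexed

def signing_roles(apksigner_output, upload_fp, app_signing_fp):
    """Return one role string per signer certificate found in the output."""
    digests = [d.lower() for d in DIGEST_RE.findall(apksigner_output)]
    if not digests:
        raise ValueError("no signer certificate found (unsigned APK?)")
    known = (("upload", normalize(upload_fp)),
             ("app signing", normalize(app_signing_fp)))
    result = []
    for digest in digests:
        roles = [name for name, fp in known if digest == fp]
        # Both roles match when you supplied your own key at enrollment.
        result.append(" + ".join(roles) or "unknown")
    return result

# Constructed values, not real certificates.
UPLOAD_HEX, APP_HEX = "a1" * 32, "b2" * 32

def console_style(hexed):
    """Format hex the way a console fingerprint is displayed (constructed)."""
    return ":".join(hexed[i:i + 2] for i in range(0, 64, 2)).upper()

def sample_output(hexed):
    """Constructed stand-in for apksigner output with one signer."""
    return ("Signer #1 certificate DN: CN=Constructed Example\n"
            f"Signer #1 certificate SHA-256 digest: {hexed}\n"
            f"Signer #1 certificate SHA-1 digest: {'0' * 40}\n")

if __name__ == "__main__":
    upload, app = console_style(UPLOAD_HEX), console_style(APP_HEX)
    for label, hexed in (("local release build", UPLOAD_HEX),
                         ("APK installed from Play", APP_HEX)):
        print(label, "->", signing_roles(sample_output(hexed), upload, app))
```

An "unknown" result for an APK that claims to be your app means it was signed with neither of your keys.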