Search code examples
androidgithubapkgithub-actionsandroid-keystore

.apk Built from GitHub Workflow not Compatible with Local Build

When I try to install an .apk built from a GitHub workflow over one that I built locally, I get the following error:

$ adb install -r /path/to/package-debug.apk
Performing Push Install
/path/to/package-debug.apk: 1 file pushed, 0 skipped. 14.1 MB/s (4047241 bytes in 0.275s)
        pkg: /data/local/tmp/package-debug.apk
Failure [INSTALL_FAILED_UPDATE_INCOMPATIBLE]

I can install the GitHub built version if I uninstall the locally built package first.

I have run aapk on both packages to make sure they were built with the same min & target values. My guess is that the key signatures are different, but I'm not sure. The build is configured to use the default signing config (signingConfig signingConfigs.debug) in build.gradle. Do different versions of the Android development tools provide different versions of the debug signing keystore? Or does each installation generate a unique keystore file? Is there a way I can get more information on why the installation fails?

I also noticed that the file sizes are different:

$ wc -c local-debug.apk
4085058 local-debug.apk

$ wc -c remote-debug.apk
4047241 remote-debug.apk

I have looked at this question, but the answers are about uninstalling first. I need to figure out how to make the remote build compatible with the local one.

Solution

  • I found a solution before posting this question. And as I haven't seen the answer on StackOverflow, I will post it in case it might help someone else.

    It appears that the Android development tools generate unique debug keystores on systems that don't already have one. I was assuming that the keystore file was a universal one. So to solve the problem, I simply included the keystore file with the source code (I'm assuming is safe as it is meant for debugging only) & set its location in the gradle.build file.

    In this particular case, I put the keystore file in the same directory as the gradlew script & added the following line to app/build.gradle:

    signingConfigs.debug.storeFile file("../debug.keystore")

    Edit: Though now I have deleted it as the head developer felt it was unsecure. So, use this solution at your own risk & don't use debug keys for signing official releases of your software.