[英]Release apk install/update app from google play
The following is the situation:情况如下:
I have an app, that I have published to the Google Play store (version code: 100, version name 1.100).我有一个应用程序,已发布到 Google Play 商店(版本代码:100,版本名称 1.100)。 I want to add feature allow people to update the app using an apk(release) from a website instead of from the Play Store.
我想添加功能,允许人们使用来自网站而不是 Play 商店的 apk(发布)更新应用程序。
BUT during testing I found the following problem:但是在测试过程中我发现了以下问题:
But if I但如果我
CAN you please describe there're some limits additional checkers for security or something wrong on my side ?你能描述一下有一些限制额外的安全检查器或我这边有什么问题吗?
You are probably signed into Google Play App Signing .您可能已登录Google Play App Signing 。
Every Android app is signed with a key .每个 Android 应用程序都使用密钥签名。 When the phone tries to install an update, the update must be signed with the same key as the original app.
当手机尝试安装更新时,更新必须使用与原始应用程序相同的密钥进行签名。 This is for the security of the user.
这是为了用户的安全。 This stops a fake version of WhatsApp or Facebook (or your app) being created and users tricked into installing it.
这会阻止创建虚假版本的 WhatsApp 或 Facebook(或您的应用程序)并阻止用户安装它。 A bad developer can create an app with the same package name, but doesn't have access to the key, so this protects the users.
糟糕的开发人员可以创建具有相同包名的应用程序,但无法访问密钥,因此可以保护用户。
When you deliver through Google Play App Signing, Google removes the signature with your key (the "upload key") and signs it with a new Google Play key.当您通过 Google Play App Signing 交付时,Google 会使用您的密钥(“上传密钥”)删除签名,并使用新的 Google Play 密钥对其进行签名。 This is a good thing.
这是一件好事。 It protects you if you lose your upload key, without this there would be nothing Google could do to help you.
如果您丢失上传密钥,它会保护您,没有它,Google 将无法为您提供帮助。
But this is why the upgrade doesn't happen.但这就是升级没有发生的原因。 The app you hand create is signed with your upload key, so it won't update the app installed from Google Play.
您手动创建的应用已使用您的上传密钥进行签名,因此它不会更新从 Google Play 安装的应用。
This is a good thing.这是一件好事。 You don't want users who installed from one source (eg Google Play) to update from another source, like a download from a website.
您不希望从一个来源(例如 Google Play)安装的用户从另一个来源更新,例如从网站下载。 It would put them at serious risk of harmful fake apps.
这将使他们面临使用有害虚假应用程序的严重风险。
However, if you really want to do this, you need to not use Google Play App Signing.但是,如果您真的想这样做,则无需使用 Google Play App Signing。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.