简体繁体 English

从 google play 发布 apk 安装/更新应用程序

[英]Release apk install/update app from google play

原文 2019-02-28 19:16:25 7 2 android/ google-play/ apk

The following is the situation:情况如下：

I have an app, that I have published to the Google Play store (version code: 100, version name 1.100).我有一个应用程序，已发布到 Google Play 商店（版本代码：100，版本名称 1.100）。 I want to add feature allow people to update the app using an apk(release) from a website instead of from the Play Store.我想添加功能，允许人们使用来自网站而不是 Play 商店的 apk（发布）更新应用程序。

BUT during testing I found the following problem:但是在测试过程中我发现了以下问题：

Download current app from store(v - 100)从商店下载当前应用程序(v - 100)
after that try to install(update) using the APK I compile之后尝试使用我编译的 APK 安装（更新）
result - "App not installed."结果 - “未安装应用程序。”

But if I但如果我

install a hand created old APK (exactly the same as was uploaded to the Store)安装一个手工创建的旧 APK（与上传到商店的完全相同）
try to install a handcreated APK update that was uploaded to the store尝试安装已上传到商店的手工制作的 APK 更新
everything works fine一切正常

CAN you please describe there're some limits additional checkers for security or something wrong on my side ?你能描述一下有一些限制额外的安全检查器或我这边有什么问题吗？

2 个解决方案

You are probably signed into Google Play App Signing .您可能已登录Google Play App Signing 。

Every Android app is signed with a key .每个 Android 应用程序都使用密钥签名。 When the phone tries to install an update, the update must be signed with the same key as the original app.当手机尝试安装更新时，更新必须使用与原始应用程序相同的密钥进行签名。 This is for the security of the user.这是为了用户的安全。 This stops a fake version of WhatsApp or Facebook (or your app) being created and users tricked into installing it.这会阻止创建虚假版本的 WhatsApp 或 Facebook（或您的应用程序）并阻止用户安装它。 A bad developer can create an app with the same package name, but doesn't have access to the key, so this protects the users.糟糕的开发人员可以创建具有相同包名的应用程序，但无法访问密钥，因此可以保护用户。

When you deliver through Google Play App Signing, Google removes the signature with your key (the "upload key") and signs it with a new Google Play key.当您通过 Google Play App Signing 交付时，Google 会使用您的密钥（“上传密钥”）删除签名，并使用新的 Google Play 密钥对其进行签名。 This is a good thing.这是一件好事。 It protects you if you lose your upload key, without this there would be nothing Google could do to help you.如果您丢失上传密钥，它会保护您，没有它，Google 将无法为您提供帮助。

But this is why the upgrade doesn't happen.但这就是升级没有发生的原因。 The app you hand create is signed with your upload key, so it won't update the app installed from Google Play.您手动创建的应用已使用您的上传密钥进行签名，因此它不会更新从 Google Play 安装的应用。

This is a good thing.这是一件好事。 You don't want users who installed from one source (eg Google Play) to update from another source, like a download from a website.您不希望从一个来源（例如 Google Play）安装的用户从另一个来源更新，例如从网站下载。 It would put them at serious risk of harmful fake apps.这将使他们面临使用有害虚假应用程序的严重风险。

However, if you really want to do this, you need to not use Google Play App Signing.但是，如果您真的想这样做，则无需使用 Google Play App Signing。

An alternative solution:另一种解决方案：

You can upload your signed apk on google play console then download the new signed apk and put it on your website or anywhere else.您可以在 google play 控制台上上传已签名的 apk，然后下载新的已签名 apk 并将其放在您的网站或其他任何地方。