Uploading Android App Bundle to Google Play Console - key signing error

Question

I'm trying to upload a brand new.aab file to the Google Play Console, but keep getting this error:

Upload failed
You uploaded an APK or Android App Bundle that is signed with a key that is also used to sign APKs that are delivered to users. Because you are enrolled in App Signing by Google Play, you should sign your APK or Android App Bundle with a new key before you upload it.

I'm completely stumped, as I generated a new key for this app bundle at the time of generating the app bundle, ie through the Build > Generate Signed Bundle / APK... menu item in Android Studio, so it is a brand new key, unused by other apps.
I've even tried creating a whole new keystore with a new key in it, but always get the same error. Is this some quirk someone else has come across?

When enrolling for App Signing by Google Play for this app, I chose the "Let Google manage and protect your app signing key (recommended)" option, and from all the documentation I've read, the key that you use to sign the app with first becomes the "Upload Key", so it seems like I'm doing everything correctly, but no dice.

Does anyone have any advice, or past experience on this?

Answer 1

I am facing the same issues, in my case signinConfig was setup, I made one simple mistake, that I forget to change app debuggable to false . so even though I generated from menu or from gradle command, build was successfully generated but it was debuggable so play store not accepting signed apk and give me and message like Upload Failed The Android Bundle was not Signed in .

Answer 2

Well, after a lot of screaming and shouting, including reaching out to Google Play Console support in chat (they're only first level support, so... not much help) and email (who put me in the too hard basket and said they can't offer support for app development - what? the problem is to do with uploading an app to Play Console, not app dev!), I discovered this self answered question https://stackoverflow.com/a/54359729/845205 .

Basically, make sure you're doing a Clean & Rebuild Project whenever doing anything to do with signing in Android Studio. For some reason it thought my new app was using the key from my old app and kept signing with that. (I guess the solution was app development support after all!)

Answer 3

make sure to change app debuggable to false in build.gradle file

Answer 4

"through the Build > Generate Signed Bundle / APK... menu item in Android Studio, so it is a brand new key, unused by other apps."

Not really. The keystore that Android Studio uses is associated with the Android SDK installation, so all the apps created from your Studio are signed with the same key.

What happened is that you must have created another app, signed it with that keystore, and uploaded it to the Play Console, thus making it a key used to sign APKs served to end users. At the same time, you created another app which you enrolled in Play Signing: for this app, the upload certificate is extracted from the first APK you upload. Since you signed that APK with Studio as well, the same keystore was used. Play detected that it was the same certificate for both those apps, and since you used the same key for two different purposes (app signing key for your first app, and upload key for your second app), Play rejected it. The reason is that an app signing key is much more important than an upload key (the latter can be reset while the first one can't), so you shouldn't use them for two different purposes.

In other words, you'll need to create a different keystore to sign your apps enrolled in Play Signing (ideally, one per app), and make sure you never use that keystore as an app signing key for another app.

Answer 5

I hit this error in our apps. We use the same upload key for all of our apps.

So when you create a new app, make sure you select the option Use an existing key that you sign an app with instead of the (Google recommended) option which is to send them an unique upload key.

The really annoying part is that this option can only be selected once, so we had to delete our app and recreate it.

Answer 6

Try removing everything about the new app from console, then start by generating a new key and rebuilding the app with the new key. Then you can re upload the new apk.

Answer 7

The solution for me turned out to be a matter of changing the build variant .

To recap, when I tried to upload my signed .aab bundle file into the Google Play Console for developers, I received this error The Android App Bundle was not signed.

Keep in mind that this error is ambiguous and could be caused by a number of issues as visible in the other answers on this page. I had originally uploaded my app using the release build variant. Forgetting what variant I had used originally, I tried to upload the debug build variant and got this error.

My fix : Upload the same build variant as the original one. They must match!

Answer 8

The following solution worked for me. Add following two lines to your gradle file.

    release {
        minifyEnabled false
        proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
        **signingConfig
        debuggable = false**
    }

Answer 9

我遇到了同样的问题，我通过删除我的应用程序并再次添加它来播放控制台来解决它。

Answer 10

The other way this can happen is if you have a signingConfig set up in the app build.gradle. It doesn't seem to matter what you specify in the signing section when you're making a bundle - even if you make a new one or choose some other keystore - it will use the one specified in the gradle file.

Answer 11

我也面临这个问题，我加入这行signingConfig signingConfigs.release在android系统>应用程序>的build.gradle> {buildType{release{ signingConfig signingConfigs.release }}}

Answer 12

In my case it was because I was choosing the debug folder instead of release folder in my project as the destination for the Android App Bundle.

I needed the App Bundle for internal testing so I guess that's why it came natural to me to choose it.

Answer 13

i know this is an old issue but since i just hit this problem and my solution is not listed, i want to share it so it can help some future stackies.

My problem with signing the app was the entry testCoverageEnabled true which was inside the

buildTypes{ release { ... }}

even though debuggable false was set, googles error message was Upload Failed The Android Bundle was not Signed or debuggable version was uploaded

setting the testCoverageEnabled flag to false fixed my issue.

Answer 14

was facing similar issue when uploading aab to playstore from CI/CD, add

signingConfig signingConfigs.release

in release config as follows

    release {
        signingConfig signingConfigs.release
        minifyEnabled true
        shrinkResources true
        proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
    }

make sure you have included signing configs in build.gradle as follows

signingConfigs {
    release {
        storeFile file("$projectDir/dummy.keystore")
        keyAlias 'dummyAlias'
        storePassword 'dummyPassword'
        keyPassword 'dummyPassword'
    }
}

Answer 15

In my case I have

debuggable true

in. the correct value is false

buildTypes
     {
         release {

Answer 16

只需创建一个新密钥，它就会上传。