PackageManager: Package signatures do not match the previously installed version; ignoring!

Issue Details:  signatures do not match the previously installed version; ignoring!
Mainly this issue happens when you try to install app with the same package name but not signed with the same Key-store file.

Steps how issue generated:
1) Installed App from the Google Play (with Current App version 1.2 and version code 3004).
2) Use Android Studio and make new release APK having version 1.3 and version code 3005
3) I start update from app version(1.2) to version(1.3) to test whether app will update to new version 1.3 properly.
4) I come across blow error:

Here is the screenshot while updating my app installed from the Google Play (with Current App version 1.2) to New release APK (version 1.3).
It shows message App Not Installed

Android Studio Warning Log in Details:
11-18 11:49:03.466 1487-1518/? W/PackageManager: Package com.geekscompete.gate_isro_cs.ugc_net_preparation signatures do not match the previously installed version; ignoring!

Understanding Original APK, Derived APK, App Signing Certificate and Upload Certificate
Then, I followed common stuffs like invalidate and restart studio, clean project, and Make new release APK but No Luck!
I open Google Play Console and check if the SHA-1 generated from release keystore is same as the Upload Certificate SHA-1:
You can derive the SHA-1 for release apk after using below command:
keytool -list -v -keystore {keystore_name} -alias {alias_name}
SHA-1 from my release keystore and Upload Certificate SHA-1 is matching!

There is one other Certificate "App Signing Certificate" which Google Play uses to sign your app before distributing it to Android devices.

App Signing Certificate:
certificate for the app signing key that Google Play uses to sign your app before distributing it to Android devices. The app signing key itself is inaccessible and kept on a secure Google server. Use the certificate below to register your app signing key with your API providers.

Upload Certificate ():
certificate for the upload key that you hold privately. Use your upload key to sign each release so that Google Play knows the release comes from you. Use the certificate below to register your app signing key with your API providers for app testing purposes.

and After visiting my Google Play Console: Release Management -> App Signing
I have "OPT IN" for Google App Signing. : "App Signing by Google is enabled for this app".
If You have OPT-OUT of Google signing then your APK will not signed by the Google and Available apk to all users will be same as your uploaded APK to Google Play Console.

If you visit Google Developer account as mentioned below:
Release Management -> App Releases -> Production Track (Click manage)
And Click Latest APK download option -> You can see two option to Download APK files Original APK and Derived APK(If you have opt-in for Google Signing).

Original APK: APK file which you have uploaded after signing with the release Key-store (using .jks file) and upload it to the Google Play Console for making it live.
(Uses Upload Certificate to Verify new app version upload to Google Play Console)

Derived APK: This is the APK which is available to the users to download from Google Play Store after your app goes live.

Reasons for this issue is signatures mismatch:
APK download from Google Play Store is signed using App Signing Certificate.
Whereas release APK generated from Android Studio is using Upload Keystore file with .jks extension.

So, Signature of Upload Certificate and App Signing Certificate will not match.
Then I come across this amazing post:
Which gave Me Idea about APK Derived APK and Original APK, Signature mismatch:
https://readyandroid.wordpress.com/app-not-installedthe-package-conflicts-with-an-existing-package-by-the-same-name-android/

Derived APK -> https://stackoverflow.com/questions/44599767/google-maps-not-working-in-derived-apk-published-app#answer-49692374
For derive apk google introduce App singing feature. Google sign you apk agian, so you have to get App Sigining certificate's SHA1 and set it into Google Cloud Platform (wher you set your package name and SHA1)



No comments:

Post a Comment

Popular Posts