App signing by google play or our own?

  • Hi. I haven't uploaded anything to the Play Store in 4 years. The Play Console and things have gotten really different now, and I saw that we have the option to let Google handle the signing process. So what do you guys do?

    Is it best to let Google handle it? It seems like a better option because of the app bundle thing and you don't really need to bother with it too.

    Thanks.

  • App bundle is cool, but I'm not sure it has many advantages for Construct yet. App signing is good if you're worried about losing your keystore or access to it, but that can be solved by good backup strategies. It also has the downside that you still have to have a keystore for signing (they check that it was you that signed the APK, then re-sign it). Also, your key signature will be different, making testing anything that uses Google Auth (Play services, for instance) awkward.

  • The tutorial How to publish mobile apps covers a few of the options.

    App bundles are kind of interesting for the larger app size you can publish, but right now I think you'd have to do an export via Android Studio to use that.

  • Well, I used the C3 service and built a signed APK but, in the Play Console, I chose the option which lets Google manage my keys when I uploaded my APK in the alpha stage.

    App bundle is cool, but I'm not sure it has many advantages for Construct yet. App signing is good if you're worried about losing your keystore or access to it, but that can be solved by good backup strategies. It also has the downside that you still have to have a keystore for signing (they check that it was you that signed the APK, then re-sign it). Also, your key signature will be different, making testing anything that uses Google Auth (Play services, for instance) awkward.

    What do you mean by awkward? My key signature that I got on export will be different how?

    Well, if the only benefit is the backup security that Google can provide, I believe I'm not using it then. Gonna have to start again but, since it is in alpha with just 2 testers, I believe I can restart the process again with a new app project in Play Console, right?

  • The signature is a string that is unique to your signing key.

    When you set up an application to use Google Authentication ( sign in with google account, only used for Google Play Games at the moment ) they provide you with an application key which is unique to your app, and you provide them with the signature for your signing key.

    Then in your app, when it attempts to use that application key, the sign-in service checks the signature of the key which was used for the APK; if it doesn't match, the sign-in window doesn't appear. It's a pretty solid security system, but one that can be awkward.

    If you use their signing service, then your application has been signed with a different key that you don't have so the signature doesn't match. I believe they provide you with the signature for the key, so you can change the signature to match. However, it does mean that you cannot produce a working build without at least publishing it via an alpha channel.
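
The check described in the post above, modelled as an added example (not code from the thread, from Construct or from Google). It assumes the "signature" is the SHA-1 or SHA-256 fingerprint of the signing certificate; the function names are hypothetical and the two certificate byte strings are constructed stand-ins, not real certificates.

```python
import base64
import hashlib
import re

# Constructed stand-ins for DER-encoded certificates (not real X.509 data).
UPLOAD_CERT = b"constructed stand-in: developer's own keystore certificate"
PLAY_CERT = b"constructed stand-in: Google-held app signing certificate"

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def cert_der(data):
    """Accept a PEM or raw DER certificate and return the DER bytes."""
    m = PEM_RE.search(data)
    return base64.b64decode(m.group(1)) if m else data


def fingerprint(cert, algo="sha1"):
    """Colon-separated upper-case hex digest of the certificate's DER bytes."""
    digest = hashlib.new(algo, cert_der(cert)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize(fp):
    """Strip colons/spaces and case so pasted fingerprints compare equal."""
    return re.sub(r"[^0-9A-Fa-f]", "", fp).upper()


def sign_in_allowed(registered, signing_cert):
    """True if the cert that signed the APK matches a registered fingerprint."""
    seen = {normalize(fingerprint(signing_cert, a)) for a in ("sha1", "sha256")}
    return any(normalize(r) in seen for r in registered)


def which_builds_work(registered, builds):
    """Map each build name to whether sign-in would be offered for it."""
    return {name: sign_in_allowed(registered, cert)
            for name, cert in builds.items()}


# A local build is signed with your keystore; a build delivered through
# Play's signing service is re-signed with the key Google holds.
BUILDS = {"local export": UPLOAD_CERT, "installed from Play": PLAY_CERT}

if __name__ == "__main__":
    only_own = {fingerprint(UPLOAD_CERT)}
    print(which_builds_work(only_own, BUILDS))
    print(which_builds_work(only_own | {fingerprint(PLAY_CERT)}, BUILDS))
```

Registering only one fingerprint leaves the other build without a working sign-in, which is the awkwardness the post describes.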

  • The signature is a string that is unique to your signing key.

    When you set up an application to use Google Authentication ( sign in with google account, only used for Google Play Games at the moment ) they provide you with an application key which is unique to your app, and you provide them with the signature for your signing key.

    Then in your app, when it attempts to use that application key, the sign-in service checks the signature of the key which was used for the APK; if it doesn't match, the sign-in window doesn't appear. It's a pretty solid security system, but one that can be awkward.

    If you use their signing service, then your application has been signed with a different key that you don't have so the signature doesn't match. I believe they provide you with the signature for the key, so you can change the signature to match. However, it does mean that you cannot produce a working build without at least publishing it via an alpha channel.

    All made sense. Thanks for the great explanation! I'm going to manage my own keys now.
