Use an app signing certificate, or something else, on a new app using App Signing by Google Play?


How do I do step 3 in the instructions to use App Signing by Google Play?

The certificate used to sign the first APK uploaded to the store will be your upload certificate and each new release needs to be signed with it.

In particular,

  1. Can I use the app signing certificate, or does it need to be an upload certificate, which I need to email Google to create?
  2. When does Expo ask for a certificate? My previous attempts using expo build:android -c -t app-bundle or expo credentials:manager, it asks for keystores. I stop expo build:android before it gets on the build queue, I’ve only been experimenting.
  3. How can I provide Expo a keystore, when letting Google Play handle the app signing key means that Google stores the keystore themselves and never gives it to us? The only alternative I’ve found so far by reading Android docs is to use Android Studio to generate an upload keystore, but that kind of defeats the purpose of Expo.
  4. If I try to use the app signing certificate when it asks for a keystore, Expo asks for an alias, or a password. As Google created the app signing certificate, I don’t know either of those things.

After step 2, creating the new application in Play Console and selecting Continue to let Google Play handle the app signing key, my App Signing section in Play Console looks like this:

I therefore think I don’t have access to the following?

  1. The upload key, or the upload keystore
  2. The app signing key
  3. An upload certificate, before I ask Google to make one.
  1. The upload key, or the upload keystore
  2. The app signing key
  3. An upload certificate, before I ask Google to make one.

Upload cert is sth you need to generate and provide to google not another way around.
The app signing key was in keystore that was used to sign first uploaded apk. Now you don’t need it anymore because app signing is enabled, everything should be signed with upload keystore

You can do this manually by following google instructions or by using expo and following steps I listed bellow

  1. Run expo build:android -c -t app-bundle or create keystore using expo credentials:manager, in both cases select Let Expo handle the process option
  2. Run expo fetch:android:upload-cert to extract the public key from new keystore
  3. Send .pem file created by command from step 2 to google support team

After they reset your upload certificate, the fingerprint should match the output of
expo fetch:android:hashes

1 Like

Thanks! This is quite helpful. I’ve sent the upload certificate to Google and am waiting to see what they send back.

This topic was automatically closed 20 days after the last reply. New replies are no longer allowed.