How to sign Expo app APK to update existing App on Google Play Store?

I have an EXPO app and I already created and published it on Google Play Store. The Google App Signing is activated for this project. When I built my expo app for the first time with ‘expo build:android’, I choose the option to let expo handle the signing stuff. Now I want to update this APK in this project. I used the command ‘expo build:android’ to build the updated APK. But when I send it to my project on Play store, it says that the certificate is wrong (‘Upload failed You uploaded an APK that is signed with a different certificate to your previous APKs. You must use the same certificate’). Yes, I read this documentation: https://docs.expo.io/versions/latest/distribution/uploading-apps

The same thing happened to me. According to @charliecruzan , this should only affect people who signed and uploaded their app between 12/19 to 12/26.

If you also signed in this time frame, you have to reset your upload key at Google Support (I did so). Afterwards I would recommend you to refrain from letting Expo manage the process in the future. I had chosen Expo more for security reasons, but the services are not always as reliable as you would like. Keeping the store locally and saved on a stick should be reliable enough. Maybe also on a encrypted cloud storage.

1 Like

Thank you very much! So I:
1 - Reset my upload key at Google Support.
2 - Run ‘expo build:android -c’ to build the app clearing the credentials
3 - Select option ‘2’ to handle manually the signing stuff and NOT let expo handle this.
4 - Set the path for the new json file I got from Google that contains my ‘private_key’ and stuff.
5 - What Alias do I set?
6 - What Password do I set?
7 - Hit enter and wait expo build the new apk with the new right key
8 - Publish the app at Google?

So, in my head that’s what I need to do. I’m problably missing something. I’m still kinda confused about all this situation. Please, tell me if something is wrong. I really appreciate your help, you gave me hope again.

If you’re not familiar with android credentials, I definitely recommend letting Expo handle the process. After we create the credentials for you, it’s always a good idea to back them up to a safe location by running expo fetch:android:keystore. That way you don’t need to worry about creating them yourself, and still can save them wherever you want just in case (the options given by Hirbod are absolutely fine) :smile:

1 Like

As soon as you’ve reached out to the google support, they will provide you a very simple email with commands to run in your terminal. Or you just clear your credentials and as @charliecruzan said, let expo handle the process again. You will have to fetch the new generated upload key and provide this to google then. Since you have activated Google App Signing, errors like this are not fatal, just annoying. Google will take 1-2 days until they implement your new upload key. After that, you have to wait 2 more days before you can re-submit a binary update.

If you decide to let expo handle the process, fetch the keystore, run the provided commands by google against that keystore and it should generate that “PEM” file for you. IIRC, there is also a way to get that PEM from expo-cli running “expo fetch:android:upload-cert”

1 Like

Let’s say I want expo to handle the process. So I:
1 - Send an email to Google Support and ask to reset my upload key (saying that I want to provide the new upload key?).
2 - Run expo build:android -c but this time let expo handle the process
3 - Run expo fetch:android:keystore to fetch the keystore generated by expo
4 - Run the provided commands by Google against the keystore generated by expo and it should generate that “PEM” file for me.
4 - Send this ‘PEM’ file to Google
5 - Wait for Google
6 - And finally send the APK generated in step 2 to Google Play Console.

Is that all?

So, in the next updates, I just run expo build:android and send the generate APK that it will contain the right key?

Yeah, thats fine, but you don’t need to fetch the keystore (u can of course, to save it). It’s enough to grab the upload cert using the command I’ve mentioned and send it to google (they will ask for it as soon as you contact them to reset the upload key).

But the first time, clear your credentials (and never do it again afterwards, or you have to repeat it everything)

1 Like

Thank you. But how do I get the keystore generated by expo to run the provided commands by Google on it?

You don’t need to run Google commands against the keystore if you chose to let Expo handle the process. Clear the credentials, let Expo handle the process and fetch the upload key. Contact google (you find the contact options in Play Console at the area “Google App Signing”. Once you filled the form, they will write you and ask for the new PEM with instructions to get it. You can follow the instructions or just chose to let Expo handle it (its easier). Reply to the email and add the fetched upload-cert as attachment. Wait 2-3 business days. Upload your generated APK.

What you get with
expo fetch:android:upload-cert does exact these google commands internally.

1 Like

Thank you, sir. I’ll try it. I really appreciate your patience :slight_smile:

1 Like

This topic was automatically closed 20 days after the last reply. New replies are no longer allowed.