Same keystores but different SHA1 fingerprints

Hello.
Today I created some update for my app, but GooglePlay did notice:

You uploaded an APK that is not signed with the upload certificate. You must use the same certificate. The upload certificate has fingerprint:

Yes, i saw this, but I dont understand how it can be possible? I released about 10-15 updates to Google Play with this .keystore file. One time I handled expo signing process and then signing was automatic by expo.
What I can do to send apk to GooglePlay with correct fingerprint ?

Last correct apk has name like android%2F@MY_TEAM_NAME%2F_MY_APP_NAME_.apk
and current apk with incorrect signing has name like
android%2F@MY_TEAM_NAME%2F_MY_APP_NAME_-574e826c-368a-11e8-8c15-0a580a78210e-signed
May be this information can help you.

2 Likes

I have also encountered this on my build today. Any ideas?

+1, Got that today (did not change Keystore, but SHA-1 changed) as well.
Not facing the different APK name issue, however.

To follow up -

I just noticed that Expo generated a new keystore today for an existing app even though there was no instructions to do so.

The only changes I did was adding a scheme field to the app.json file.

Could anyone come in to help for this?

Any news? I’ve got the surprise today
@ide @dikaiosune

I have valid jks file with all credentials. I checked Keystore password, Alias and SHA-1 fingerpring. It is the same as needed. But I’ve received a new build with different fingerprints today. Of Course i cant add this build to google play market.

Also this build is finished correctly, but it doesn’t have any signature (ERROR: JAR_SIG_NO_SIGNATURES: No JAR signatures.)
jarsigner: key associated with XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX not a private key
builds id – 3e0b55a6-1f58-4a61-9817-a763572bcc4d

Hello friends! To any of you who I already helped separately with this, I apologise for the notification, but to anyone else, if you confirm the effected expo account name and app name, I can restore your previous keystore.

Some detail: a bug in our build system which we’ve since fixed would overwrite new Android keystores for a fraction of people who started a build when our credential storage system was unavailable. It sucked so much! I am so sorry to everyone who was effected!

4 Likes

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.