Titanium JIRA Archive
Appcelerator Community (AC)

[AC-1552] Package file was not signed correctly when installing from Google PlayStore

GitHub Issue: n/a
Type: Bug
Priority: n/a
Status: Resolved
Resolution: Needs more info
Resolution Date: 2015-09-17T06:45:39.000+0000
Affected Version/s: n/a
Fix Version/s: n/a
Components: Alloy, Appcelerator CLI, Studio, Titanium SDK & CLI
Labels: android, core, defect
Reporter: Raymond Verbruggen
Assignee: Shak Hossain
Created: 2014-09-22T16:01:16.000+0000
Updated: 2016-03-08T07:38:00.000+0000

Description

A "Package file was not signed correctly" message comes on some devices while downloading from the app store. Some devices do not generate this error. I am re-submitting this issue because no Appcelerator supported solution is found.

Today I have to update an app which was originally created by Ti 3.1.2 and therefore also signed with the tools that were available at that time. I had to update my app to Ti 3.3.0 because of iOS demands. I uploaded that new version to PlayStore and then the "not signed correctly" issue comes popping up over the last weeks. The 3.1.3 to 3.3.0 update has already taken up a lot of time because of a lot of Appcelerator downward incompatibility issues (still not solved either so far...). This "not signed correctly" issue is also a downward incompatible issue. Appcelerator should broaden their attention to developers that create apps having a lifetime that exceeds the update frequency of Ti versions!!

Nothing is mentioned in the Appcelerator documentation, some comments are found on the internet about this problem, and the most promising one is to manually sign the APK using the "MD5withRSA" signing algorithm instead of "SHA256withRSA". I did that but Google rejects the apk because the file is not "zip aligned". I can "zip align" it and hope for the best, but I did not find a lead about this zip aligning in the Appcelerator documentation nor on the internet, so I have no guarantees that that is the way to go.

Another thing I tested is to start a package action from my Macbook Pro and the same project from my iMac, and compare both APK files. Result: the files are different... I use exactly the same source files and Ti software on both machines, so the resulting file should be the same. This is also not encouraging...

Simply trial-and-error actions using different apk signing actions is not the way to go. This is production hey! All of this is simply not acceptable. The Ti toolchain should take care of the whole process, instead of hiding behind "it is a Java tooling problem". I do not work with Java, I work with Titanium. I need a solution ASAP!! My customer is pressing me for a solution because he does not accept failing downloads from the PlayStore. Currently I am not able to generate new versions of the app that simply work.

Comments

  1. Michael Gangolf 2014-09-22

    I have a SHA256 key as well, and on Linux it's not using MD5 by default. So I run the normal Ti Studio build process, copy the signing line, change "SHA5withRSA" to "MD5withRSA" and compile it:
       /usr/java/jdk1.7.0_65/bin/jarsigner "-sigalg" "MD5withRSA" "-digestalg" "SHA1" "-keystore" "/keystore.keystore" "-signedjar" "/testapp/build/android/bin/testapp.apk" "/testapp/build/android/bin/app-unsigned.apk" "user"
       
    After that I run the zipalign line again:
       /user/tools/android-sdk-linux/tools/zipalign "-v" "4" "/testapp/build/android/bin/testapp.apk" "/testapp/build/android/bin/testapp.apkz"
       
    and upload the file. This is working for me without any problems. Perhaps you could upload the "ti info" output to see your configuration.
  2. Raymond Verbruggen 2014-09-23

    Dear Michael, Thank you for your comment! I tried that, and the Google Playstore upload does not give errors. However, no guarantee that my issue does not pop up eventually... What I am trying to achieve is basically: 1) Create perception at Appcelerator that downward compatibility is a big issue for developers. At least make documentation and provisions that trigger developers what can happen when going to newer Ti versions instead of waiting for issues in the field regarding already released app versions (the "not signed correctly" issue for example). I had a lot of issues when I wanted to upgrade an app from 3.1.2 to 3.3.0 so I am kind of easy to trigger right now... 2) Why does creating a package on different machines create different binaries? That doesn't give much confidence.
  3. Amimul Hossain 2015-08-31

    Hello, I have done a little bit of research on this issue. I have come up with some possible reasons for the issue and how to overcome them. 1. You have your debug copy still installed on your devices that are showing this error, most likely. Now you have downloaded a different copy of the same app and it's causing this error. Uninstall the app completely from your device. Then download it from the market again and it should work. 2. If you uninstalled the app from these devices, but it is still appearing on the app list as 'uninstalled', I don't think the clear cache option appears in this case. So you could also try going to Settings >> Apps, select that app, and click "Uninstall for all users". 3. Sometimes clearing the cache for the Google Play Store app might fix this problem on the device. Go into Settings >> Apps, select that app, and click "Clear cache". Hope this helps, Thanks.
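
Added example (not part of the original ticket, and not Titanium or Appcelerator code): a pre-upload check for the two things the thread turns on, namely which digest algorithm the JAR signature files in the APK declare and whether uncompressed entries are 4-byte aligned as `zipalign 4` would leave them. The function names and the constructed sample archive are assumptions for illustration; the signature block file (`*.RSA`) is not parsed.

```python
import io
import re
import struct
import zipfile

# Matches "SHA1-Digest:", "SHA-256-Digest:", "SHA1-Digest-Manifest:" ...
DIGEST_RE = re.compile(rb"^([A-Za-z0-9-]+)-Digest(?:-Manifest)?:", re.MULTILINE)

def digest_algorithms(zf):
    """Digest names declared in MANIFEST.MF and each META-INF/*.SF file."""
    found = {}
    for name in zf.namelist():
        upper = name.upper()
        if upper.startswith("META-INF/") and upper.endswith((".MF", ".SF")):
            algs = {m.decode() for m in DIGEST_RE.findall(zf.read(name))}
            found[name] = sorted(algs)
    return found

def misaligned_entries(raw, zf, boundary=4):
    """Stored entries whose data does not start on a `boundary`-byte offset."""
    bad = []
    for info in zf.infolist():
        if info.compress_type != zipfile.ZIP_STORED:
            continue  # zipalign only aligns uncompressed entries
        # Local header: 30 fixed bytes, then file name and extra field.
        name_len, extra_len = struct.unpack_from("<HH", raw, info.header_offset + 26)
        data_start = info.header_offset + 30 + name_len + extra_len
        if data_start % boundary:
            bad.append((info.filename, data_start))
    return bad

def inspect_apk(raw):
    """raw: the APK file's bytes. Returns digest names and misaligned entries."""
    with zipfile.ZipFile(io.BytesIO(raw)) as zf:
        return {"digests": digest_algorithms(zf),
                "misaligned": misaligned_entries(raw, zf)}

def constructed_apk(digest="SHA-256"):
    """Constructed stand-in for a signed APK (hypothetical names and values)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("res/raw/a.bin", b"data", compress_type=zipfile.ZIP_STORED)
        zf.writestr("META-INF/MANIFEST.MF", f"Name: res/raw/a.bin\r\n{digest}-Digest: AAAA\r\n",
                    compress_type=zipfile.ZIP_DEFLATED)
        zf.writestr("META-INF/CERT.SF", f"{digest}-Digest-Manifest: BBBB\r\n",
                    compress_type=zipfile.ZIP_DEFLATED)
    return buf.getvalue()

if __name__ == "__main__":
    print(inspect_apk(constructed_apk()))
```

For a real build, pass the bytes of the signed and aligned APK to `inspect_apk`; an empty `misaligned` list and the expected digest name in every `META-INF` file are what to look for before uploading.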
