Which Keystore was used to sign this Android App?

Recently we were doing some work on an existing RAD Studio Android app for a customer. Their previous developer had let them down so they’d brought it to us to do the next version.

Everything went smoothly until we needed to do an AppStore build. As part of this, you need to specify a keystore file that will be used to sign the APK. Fortunately they had the keystore file and password that the previous Developer had used. Unfortunately, they had two keystore files, and didn’t know which one had been used for the prior version.

This matters a lot, because if we used a different one, the Google Play store would view this as a brand new app, and not an updated version of the old app. That means their current users would not be prompted to download an update, and they would instead have to somehow get them to all uninstall the old one and install the new one.

We found a solution in the end, but it’s a bit of a multi-step process:

  1. Install the old version from the Google Play store
    Nothing complicated here, just go to the Play store on a device that doesn’t have any version already installed, and install it.
  2. Find the package name of the app you just installed
    For this we need to drop to the command line and use adb, which is installed as part of the Android SDK that RAD Server uses. By default for Berlin, adb.exe will be in c:\Users\Public\Documents\Embarcadero\Studio\18.0\PlatformSDKs\android-sdk-windows\platform-tools. Once you know where adb.exe is, enter the following command:

    adb shell pm list packages

    Assuming the Android device you installed the app on is plugged in, this will give you a list of all the package names for all the apps installed. Search through it until you find the app in question. For the sake of argument, let’s say it is com.myappname

  3. Get the full path to the APK file for that app
    Next we need to know where it is on the device. Enter the following command, passing in the package name you found in the prior step:

    adb shell pm path com.myappname

    That should return something like this:

  4. Pull the apk file down to your Windows machine
    Once you know the where the APK file is, the following command will copy it off your device onto your local machine:

    adb pull /data/app/com.myappname-1/base.apk .

    The . on the end is just telling adb.exe to copy it into the current directory.

  5. Query the APK for the signature of the keystore file used to sign it.
    For this, we’ll need a utility that is installed as part of the JDK called keytool.exe (it’s in the JDK bin directory). You’ll want the version that comes with JDK 1.7 or later. Figure out where your JDK is, then call keytool, passing in the name of the APK file you just copied:

    keytool -list -printcert -jarfile base.apk

    This should output a bunch of info, the section we’re interested in are the Certificate fingerprints:

    Certificate fingerprints:
        MD5: 40:60:BE:07:AA:78:24:DC:CA:92:36:FF:AE:8C:17:DB
        SHA1: 9A:59:E7:E3:0C:AA:7A:0D:F2:0D:05:20:12:A8:85:0B:32:C5:4F:68
        Signature algorithm name: MD5withRSA
  6. Now, we need to query each of our keystore files to find one that matches those signatures
    For each of your keystore files, run the following command, passing in your keystore name at the end:

    keytool -list -keystore myappkeystore1.keystore

    This will show you a list of the aliases and Certificate fingerprints contained in that keystore:

    my_alias, Feb 01, 2016, PrivateKeyEntry,
    Certificate fingerprint (MD5): 40:60:BE:07:AA:78:24:DC:CA:92:36:FF:AE:8C:17:DB

    With any luck, one of them will match the signature you pulled from the APK in Step 5. That’s the keystore and alias you want to configure in RAD Studio.

A bit of mucking about, yes, but at least we could then proceed, confident our updates would show up in the store as updates, not as a brand new app.

Leave a Comment

Save up to 30% off Delphi, C++Builder and RAD Studio for anotherShopClose Countdown
Scroll to Top