153

When trying to install a signed application (app-release.apk), a "Blocked by Play Protect" alert is shown and the app is not installed. However, an unsigned application (app-debug.apk) can be installed without problems.

The error message:

Play Protect doesn't recognise this app's developer. Apps from unknown developers can sometimes be unsafe.

Why this error happened? What's the solution?

image of Error

zsmb13
  • 85,752
  • 11
  • 221
  • 226
Mostafa Azadi
  • 2,893
  • 2
  • 12
  • 19
  • 4
    I also faced same issue with my app. Though my google account got suspended when I tried to publish my app. What I realize that google update play protect check list with suspended package name and afterward if you try to install same package name, play protect start giving fake warning. I created a new app with suspended package name and only main activity and no other code added. Signed with suspended apk keystore and tried to install. Amazingly play protect showed harmful alert as show in your question. I also tried to make new package with all classes of suspended app but no alert by play. – Panache Dec 06 '18 at 03:00
  • See the solution here: https://stackoverflow.com/a/54976730/984471 – Manohar Reddy Poreddy Mar 04 '19 at 10:16
  • the same problem for me but found other Keystore that not even published app to google play, sign app correctly, and this dialog not appear! even if you create a new app has the problem out of the box. I have multiple applications and other Keystore works correct with my new app! I don't know how to google decide the developer of apps unknown! I never have a google play console account. – Hamed Hosseini May 24 '20 at 14:01
  • have you found the root cause of the issue? – ThinkAndCode Jun 17 '21 at 07:57

16 Answers16

86

I found the solution: Go to the link below and submit your application.

Play Protect Appeals Submission Form

After a few days, the problem will be fixed

Mostafa Azadi
  • 2,893
  • 2
  • 12
  • 19
  • 3
    @MostafaAzadi What was the exact reason? – Behnam Maboudi Aug 01 '18 at 19:18
  • 4
    if you're not using SSL , and enabled plaintext communications on manifest, that's the reason. – DaniloDeQueiroz Oct 23 '18 at 16:37
  • 1
    if you have a problem by URL to download your APK file , this is helful : https://stackoverflow.com/a/56513945/9710197 – Mostafa Azadi Jun 09 '19 at 10:54
  • @DaniloDeQueiroz Are you absolutely sure the issue is because of cleartext communications? So removing `android:usesCleartextTraffic="true"` should solve the issue right? Thanks. – AnthoPak Nov 04 '19 at 09:08
  • @AnthoPak if remove android:usesCleartextTraffic="true" , app crashed in android 9 – Mostafa Azadi Nov 04 '19 at 10:17
  • @MostafaAzadi Except if I replace all HTTP calls with HTTPS right? – AnthoPak Nov 04 '19 at 10:30
  • 2
    Hello. I cannot submit my app to appeal for Play protect. How to upload the apk? I am getting an email saying that the apk cannot be downloaded, although I am providing direct download links via GitHub. – SayantanRC Nov 17 '19 at 16:50
  • why we provide then apk which we dont want to give them ? i have already apps on play store with same account which i have signed in android studio but this one i dont want to and also dont want to provide them apk as well . Any other solution ? – Ahmad Apr 07 '20 at 19:36
  • link is broken now – Saeed Arianmanesh Jan 31 '23 at 16:56
30

There are three options to get rid of this warning:

  1. You need to disable Play Protect in Play Store -> Play Protect -> Settings Icon -> Scan Device for security threats
  2. Publish app at Google Play Store
  3. Submit an Appeal to the Play Protect.
Sinandro
  • 2,426
  • 3
  • 21
  • 36
Ali
  • 1,857
  • 24
  • 25
27

Try to create a new key store and replace with old one, then rebuild a new signed APK.

Update: Note that if you're using a http connection with server ,you should use SSL.

Take a look at: https://developer.android.com/distribute/best-practices/develop/understand-play-policies

Amirhosein
  • 4,266
  • 4
  • 22
  • 35
  • I create a new key store,first is good and no error but after one day show same error – Mostafa Azadi Jun 30 '18 at 04:11
  • 2
    Maybe it is because of the max validity of most purchased certificates is around last years. Set expiration date greater than 50 years. – Amirhosein Jun 30 '18 at 04:44
  • 1
    I created this app this month and i set validity(years) of signature 25 years – Mostafa Azadi Jun 30 '18 at 07:30
  • 1
    @MostafaAzadi , Amirhosein I have same problem here. have you found anything? – Behnam Maboudi Jul 05 '18 at 08:57
  • 1
    This started happening with our app as well, no clue yet on how to solve it other than turning off Google Play Protect in the Play Store - which isn't really a solution for all our Beta users. – zsmb13 Jul 05 '18 at 14:52
  • 20
    Yeah, it seems ridiculous. What's worse is that I only get this popup the first time I install the application. Even if I accept it and install it, on the next install it logs "Installation blocked silently" and I get an "App not installed" message on the UI. At that point, only disabling Play Protect altogether or clearing Play Store data from settings gets me the popup again. This is happening with a key that we've generated with the same script as dozens of our other apps that are in the Play Store and working fine. – zsmb13 Jul 05 '18 at 15:36
  • 2
    @Amirhosein Thanks for your answer. my app is not even published to playstore yet. So it couldn't be play store policy violation. I have this problem with only one of my sign keys (which is not released yet) And zsmb13 has this problem with their released app. also please describe how non-ssl communication triggers play protect before even running the app for the first time. – Behnam Maboudi Jul 07 '18 at 06:11
  • Its worked for me!!! old sign file has problem and I create new sign then problem solved!!! Thanks. – Masoud Mokhtari Jul 17 '18 at 05:45
  • @MasoudMokhtari I have the same problem. can u show me the sign command that you have used and the validity? – Dave Cruise Jul 19 '19 at 01:33
  • @MoHammaDReZaDehGhani That's because we live in Iran. – ʍѳђઽ૯ท Jan 16 '21 at 08:33
15

Google play finds you as developer via your keystore.

and maybe your country IP is banned on Google when you generate your new keystore.

change your IP Address and generate new keystore, the problem will be fixed.

if you didn't succeed, use another Gmail in Android Studio and generate new keystore.

Meisam Beiranvand
  • 207
  • 1
  • 4
  • 1
    Did you do this stuff? cause i have this problem and my applications has authenticate from Iran and can not send application from appeal , ( they cant test it ) , so how can i solve it? thanks dude – Nima habibkhoda Aug 07 '18 at 09:09
  • 4
    It didn't work for me! I use keytool for creating keystore – Amir Shabani Sep 10 '18 at 06:52
  • 1
    that's not solution because new keystore banned after some day too . best way submit app in appeal google protect site. – Meisan Saba Nov 14 '20 at 06:14
14

I am adding this answer for others who are still seeking a solution to this problem if you don't want to upload your app on playstore then temporarily there is a workaround for this problem.

Google is providing safety device verification api which you need to call only once in your application and after that your application will not be blocked by play protect:

Here are there the links:

https://developer.android.com/training/safetynet/attestation#verify-attestation-response

Link for sample code project:

https://github.com/googlesamples/android-play-safetynet

Mr. Patel
  • 1,379
  • 8
  • 21
  • 1
    @Ahmad ofcourse it works all of my colleagues are using this api to solve the problem we have handed over more than 20 different apks to clients until now and it works perfectly – Mr. Patel Apr 08 '20 at 05:16
  • I am banging my head into the walls at this point. I have followed the above links and I am also getting a successful response after attestation but the blocked by play protect does not seem to go away. Is there anything I could be doing wrong and are you sure this workaround works right now? – Sadda Hussain Oct 01 '21 at 10:46
  • @SaddaHussain it still works you must be doing something wrong make sure that you're not calling the api with a different package and then changing your app signature later the api needs to be called only once from your main activity and after that your app will not be blocked anymore – Mr. Patel Oct 04 '21 at 17:27
  • Thanks for the response Patel, this is what I am doing. I have enabled the device verification API. Package name and app id are the same. I am calling the API in the main activity. making a signed APK and installing that app and getting the play protect warning. After installation, I am getting the success result on the main activity. I am uninstalling the app and reinstalling the same apk and still getting play protect warning. What am I doing wrong? – Sadda Hussain Oct 05 '21 at 04:18
5

the only solution worked for me was using java keytool and generating a .keystore file the command line and then use that .keystore file to sign my app

you can find the java keytool at this directory C:\Program Files\Java\jre7\bin

open a command window and switch to that directory and enter a command like this

keytool -genkey -v -keystore my-release-key.keystore -alias alias_name -keyalg RSA -keysize 2048 -validity 10000

Keytool prompts you to provide passwords for the keystore, your name , company etc . note that at the last prompt you need to enter yes.

It then generates the keystore as a file called my-release-key.keystore in the directory you're in. The keystore and key are protected by the passwords you entered. The keystore contains a single key, valid for 10000 days. The alias is a name that you — will use later, to refer to this keystore when signing your application.

For more information about Keytool, see the documentation at: http://docs.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html

and for more information on signing Android apps go here: http://developer.android.com/tools/publishing/app-signing.html

alireza easazade
  • 3,324
  • 4
  • 27
  • 35
3

If you are using some trackers like google analytics or amplitude and you are trying to release your app in another platforms other than Google Play, this errors appears for users. So there are two possible solutions:

  1. Use special trackers in your app (firebase and appmetrica are tested and are ok)
  2. Release your app in Google Play
majran
  • 469
  • 5
  • 13
2

it is due to expired of debug certificate simply delete the debug.keystore located at 

C:\Users\.android\

after that build your project the build tools will regenerate a new key and it will work fine. here is a reference:

https://developer.android.com/studio/publish/app-signing
Jasbin Karki
  • 574
  • 7
  • 15
1

the solution lies in creating a new key when generating the signed apk. this worked for me without a fuss.

  1. click on Build
  2. click generate signed Bundle/APK...
  3. choose either Bundle / APK (in my case APK) and click Next
  4. click on create new (make sure you have a keystore path on the machine)
  5. after everything, click finish to generate your signed apk

when you install, the warning will not come.

K.D. MBEDOBE
  • 43
  • 1
  • 12
1

I solved this problem by changing my application package name according to signature certificate details. At first I created application with com.foo.xyz but my certificate organization was 'bar'. So I change my package name to com.bar.xyz and now there is no google play protect warning!

Artin GH
  • 546
  • 2
  • 10
  • 21
1

There is no very precise way to solve this problem, but the following tasks can be effective in solving the problem

  • Click Invalid Caches/Restart

  • Do the login process of Android Studio

  • Click generate signed Bundle / APK

  • Fill in all the "generate signed Bundle" information completely.

  • Do not use the same password. Make sure your passwords are different in "generate signed Bundle" different. Preferably enter the address of America with the code 01

  • It is probably sensitive to Persian, so it is better not to write in Persian in the program. Write the program menu in English and make it Persian in the next updates

  • Remove extra permissions

  • Finally, go to the site below and request a troubleshooting https://support.google.com/googleplay/android-developer/answer/2992033?hl=en

  • Fill in the first and last name correctly

  • Upload the installation file, for example, in Dropbox, and copy the link

  • If you are using Dropbox, be sure to change the number zero at the end of the link to one, then submit it or use link shortening sites.

  • If your request is not approved, shorten the link of the installation file, for example, using the https://bit.ly site

  • In the description section, explain the problem. For your convenience, I will leave a sample text for you :

     Greetings to the esteemed Google Team

 I am sending this request to fix the "Blocked by Pay Protect" error

 ****{Write your app info and your reasons}****

 Fast, simple, free and lightweight, no annoying ads ,This app does not collect and store user data! 
 Also, no unnecessary cost is imposed on the user and is completely free , It 
 also certifies that this app does not harm user privacy and is not harmful to users

 Thank you

  • If you did not receive the confirmation email, repeat the request again a few days later

Masoud Siahkali
  • 5,100
  • 1
  • 29
  • 18
1

Try the old certificate
I found one of them on github (created before 2017)
https://github.com/patrickfav/uber-apk-signer/blob/main/src/main/resources/debug.keystore
It works for me
In gradle:

signingConfigs {
    certificate {
        storeFile file('debug.keystore')
        storePassword "android"
        keyAlias "androiddebugkey"
        keyPassword "android"
    }
}

...

signingConfig signingConfigs.certificate
Vlad
  • 7,997
  • 3
  • 56
  • 43
0

If there were hardware changes, try to re-download or re-create jks file.

I also faced such problem, it occured after moving my SSD from one PC to another. This gave a hint that there were no need to send the app to Google for verification: an old apk file was installing with no warning. So I replaced an android.jks on my hard drive with the one from the cloud, created a signed apk and the problem has gone.

Victor
  • 23
  • 6
0

This error usually happens if you try to install an app from .apk file. The first thing you can do is to disable Play Protect from the inside of Play Store app in your phone:

Open Google Play Store app --> Play Protect --> Click Settings Icon on the top --> Disable scanning apps for security

Note: It is recommended that you enable it back again after finishing installation for security purposes.

Now after this you should be able to install the app. If you still receive error saying something like Error, app was not installed when you click on the .apk file, it means you have installed version of that app already. Uninstall the app first then you can install the app from .apk file without problem.

Elmar
  • 2,235
  • 24
  • 22
-1

Update: The following method doesn't work anymore.

Not the solution, but you can use debug key for signing release builds to avoid blocking the installation from Google Play Protect. It looks like Play Protect doesn't warn for builds signed with automatically generated debug.keystore.

Note that your debug builds are not unsigned, they are just signed with a debug key.

Of course, you cannot use the build for production distribution (Google Play, Amazon, etc.), but it's still worth for pre-production internal testing which requires a high-frequency feedback loop.

You can add a task to build release with debug.keystore by adding the configuration in build.gradle, something like:

android {
  buildTypes {
    // add after the `release` definition
    releaseDebugKey { initWith release }
  }

  signingConfigs {
    // use debug.keystore for releaseDebugKey builds
    releaseDebugKey { initWith debug }
  }
}

then execute ./gradlew assembleReleaseDebugKey to build a release build with debug key.

tnj
  • 921
  • 7
  • 12
-2

I kept getting this issue after installing my app on a real device for debug.

enter image description here

And the problem was that I had android:exported="true" attribute present on the main activity in manifest file. I removed it and Play Protect warning disappeared.

DharmanBot
  • 1,066
  • 2
  • 6
  • 10
Eugene
  • 177
  • 2
  • 5