-3

I have a cart app that requires user to login using PHP laravel API. When I run the app from android studio it works correctly with no errors or unexpected behavior, but when I install it from the Google play store and write my phone number and password to login, the app shows an empty toast message and does nothing, API is returning an empty body.

I tested the API in my android emulator and postman, the API seems to be working fine with the expected response.

The picture attached shows the log for a signed APK I built without uploading it to the store (only for testing).

How can I solve that problem?

enter image description here

mkrieger1
  • 19,194
  • 5
  • 54
  • 65
Alaa
  • 35
  • 2
  • 9
  • are you using obfuscation ? – a_local_nobody Feb 19 '21 at 10:09
  • 2
    Completely unrelated, why, why, why would you use GET parameters for the password?? [It's a bad idea](https://stackoverflow.com/a/36840297). Use a POST body unless you're looking to create an insecure program. (in which case, I hope this won't be used in the wild, for the sake of the users) – Zoe Feb 19 '21 at 10:11
  • It's a POST request not GET, GetLogin is the name of the model I use to handle the response! – Alaa Feb 19 '21 at 12:52
  • @POST("login") Call login(@QueryMap Map map); – Alaa Feb 19 '21 at 12:53

2 Answers2

1

There are two common causes for such issues:

  • Obfuscation: Are you testing the release APK or the debug APK locally? If you test the debug APK locally, you may not be testing with obfuscation so the behaviour of the app may differ. Make sure you test locally the release APK.

  • Certificates: If you use an API, you often have to register with that API providing with the SHA-1 of the certificate of your APK. When you publish to the Play Store, if you're enrolled in in Play Signing, Google Play re-signs the APK before sending it to users, so the SHA-1 would be different. You would thus to also register the SHA-1 of the "app signing key" that Play signed the final APK with. You can find this certificate and the SHA-1 in the App Signing (or now called App Integrity) of the Play Console.

It's hard to tell which category you're falling into, so consider checking both.

Pierre
  • 15,865
  • 4
  • 36
  • 50
1

I solved the problem after I removed minifyEnabled line in the gradle file

Alaa
  • 35
  • 2
  • 9