0

Background

I think there is an issue on Google login that is related to the fact we use the same key configuration for 2 different flavors of an app we work on. The reason is that both seem to have the same SHA1 on debug and release.

The issue exists only on release version of the second flavor. On build&debug of the first flavor, and on debug of the second, it works fine.

The problem

I should probably generate a new key configuration while using the same release-keystore (generate using the existing one), but I'm not sure how to set it up on the gradle file.

Suppose the 2 package-names are "com.free" and "com.paid" (not real names, just for here to simplify the question).

This is what I have now, simplified and without the real values

defaultConfig {
    applicationId "com.free"
    ...
}

signingConfigs {
    debug {
        storeFile file('debug.keystore')
        storePassword "storePassword1"
        keyAlias "keyAlias1"
        keyPassword "keyPassword1"
    }

    release {
        storeFile file('release.keystore')
        storePassword "storePassword2"
        keyAlias "keyAlias2"
        keyPassword "keyPassword2"
    }
}

buildTypes {
    release {
        signingConfig signingConfigs.release
        ...
    } 

    debug {
        ...
    }
}

flavorDimensions.add("default")

productFlavors {
    free {
        dimension "default"
        applicationId "com.free"
        ...
    }

    paid {
        dimension "default"
        applicationId "com.paid"
        ...
    }
}

namespace 'com.free'

So this generates the 4 build-variants in the "Build Variants" window of Android Studio:

  1. freeDebug
  2. freeRelease
  3. paidDebug
  4. paidRelease

I want to stay with these, yet for "paid" ones have a different key-configuration as it's using the same one of "free" ones.

What I've found and tried

I've found the next questions and tutorials about this topic:

So, what I tried is to split the "release" in the "signingConfigs" (no need for the debug, as this one works fine for debug-free combination), remove the "signingConfig" from "buildTypes"->"release", and have 4 productFlavors instead of 2:

signingConfigs {
    //unchanged:
    debug {
        storeFile file('debug.keystore')
        storePassword "storePassword1"
        keyAlias "keyAlias1"
        keyPassword "keyPassword1"
    }

    //using new keystore file, split for 2 different flavors, and have new keyAlias and keyPassword for "paid" :
    releaseFree {
        storeFile file('new_release.keystore')
        storePassword "storePassword2"
        keyAlias "keyAlias2"
        keyPassword "keyPassword2"
    }
    releasePaid {
        storeFile file('new_release.keystore')
        storePassword "storePassword2"
        keyAlias "keyAlias3"
        keyPassword "keyPassword3"
    }
}

buildTypes {
    release {
        //commented this as it can't be used anymore (split and not shared)
        //signingConfig signingConfigs.release
        ...
    } 

    debug {
        ...
    }
}

flavorDimensions.add("default")

productFlavors {
    //split to 4 : free-debug, paid-debug, free-release, paid-release

    freeDebug {
        dimension "default"
        applicationId "com.free"
        //identical debug key configuration should work fine for both
        signingConfig signingConfigs.debug
        ...
    }

    paidDebug {
        dimension "default"
        applicationId "com.paid"
        //identical debug key configuration should work fine for both
        signingConfig signingConfigs.debug
        ...
    }

    freeRelease {
        dimension "default"
        applicationId "com.free"
        signingConfig signingConfigs.releaseFree 
        ...
    }

    paidDebug {
        dimension "default"
        applicationId "com.paid"
        signingConfig signingConfigs.releasePaid 
        ...
    }
}

The IDE accepts these changes, but instead of the planned 4 items in the "Build Variants" window, I see 8:

  1. freeDebugDebug
  2. freeDebugRelease
  3. freeReleaseDebug
  4. freeReleaseRelease
  5. paidDebugDebug
  6. paidDebugRelease
  7. paidReleaseDebug
  8. paidReleaseRelease

Pretty sure what happened here is that for each flavor, it generated debug&release, and as I have defined 4 flavors, it's 4*2=8 ...

The questions

  1. What have I done wrong here? How can I have 4 items as planned and as existed originally ? Maybe possible to set a buildType for each flavor? Or maybe I need to set 2 dimension values, one for "free" and one for "paid" ?

  2. Are the settings of the signingConfigs items seem fine? For each different file, it uses the same storePassword value, and for each flavor, it should use a different keyAlias and keyPassword . Right?

android developer
  • 114,585
  • 152
  • 739
  • 1,270

1 Answers1

1

You don't need to create 4 product flavors, you can use build type to differentiate between debug and release build and set signing config accordingly.

productFlavors {
    free {
        applicationId "com.free"
    }

    paid {
        applicationId "com.paid"
    }

}

Use build type for release/debug to set your signing config.

buildTypes {
    release {
        productFlavors.free.signingConfig signingConfigs.releaseFree
        productFlavors.paid.signingConfig signingConfigs.releasePaid
        ...
    }
    debug{
        productFlavors.free.signingConfig signingConfigs.debug
        productFlavors.paid.signingConfig signingConfigs.debug
    }
}

Note: buildTypes block should be placed after productFlavors block

Nitish
  • 3,075
  • 3
  • 13
  • 28
  • Thank you. I've changed the project accordingly and it seems correct. Can you please answer if what I wrote about signingConfigs seems correct? I tried to add new key-alias&password (using this tool: keystore-explorer.org ) by having a different date than the old one, and yet when I use the "signingReport" task, I saw for some reason "Config: debug" for each item on the result of this task. How come? I tried to force showing only release (commented all configurations of debug), and only then I saw the SHA1 for release (and they were different from one another, as I hoped). – android developer Feb 13 '23 at 14:16
  • 1
    `what I wrote about signingConfigs seems correct?` - yes that's correct. Not sure about `keystore-explorer.org` never used one, – Nitish Feb 14 '23 at 04:51
  • Thank you. Would using a new key-alias cause an issue in publishing the app on the Play Console? As for the "signingReport" issue, I've reported this here: https://issuetracker.google.com/issues/269158595 – android developer Feb 14 '23 at 07:56
  • `using a new key-alias cause an issue in publishing the app on the Play Console` - yes it would not consider it update over the previous one, you will have to make it as a new release. Most probably play store will give error saying not using same keystore. – Nitish Feb 14 '23 at 09:44
  • It's not a different keystore. It's a different key-alias within the same keystore. – android developer Feb 14 '23 at 10:11
  • 1
    Yes, keystore, it's alias and password must be same for app to be considered an update over previous one. [keystore-and-key-alias](https://stackoverflow.com/questions/17663991/keystore-and-key-alias) – Nitish Feb 14 '23 at 10:19
  • That's too bad. I have no idea how to solve this issue if it occurs. Anyway thank you – android developer Feb 14 '23 at 10:27
  • I was sure this works fine, but after analyzing the generated APK, it was using the debug option instead of release option as I've chosen. Can you please check it out? Also about the updating, sadly this is also an issue, but only for the app that got the key-alias changed. – android developer Mar 15 '23 at 09:09
  • I don't know what happened, but now it works fine again. Sorry. I'm now accepting the answer again. – android developer Mar 15 '23 at 10:01