How to get my .aab on the Android Play Store?

Up till now, I’ve gotten my app in the Android Play store through the following process:

  1. meteor build… (this generates an .apk)
  2. (once) keytool -genkey -alias…
  3. jarsigner -verbose -sigalg SHA1withRSA…
  4. /Library/Android/sdk/build-tools/28.0.2/zipalign 4…

Now, meteor build no longer generates an .apk. It generates an .aab. By slightly changing commands 3 and 4, above, I manage to get what appears to be a signed and zipped .aab.

Uploading this to the Play Store, I get this:

To upload an Android App Bundle you must be enrolled in Play app signing.

Opting in, I am given three options:

  1. Export and upload a key from Android Studio
  2. Export and upload a key from Java keystore
  3. Export and upload a key (not using Java keystore)

For each, I’m at a loss as to how to proceed. The very succinct instructions Google offers do not help me to move forward.

I have found I can have my build generate an .apk with this flag: --packageType=apk
Uploading the resulting .apk to the Play Store gets me this:

You uploaded an APK with an invalid signature (learn more about signing). Error from apksigner: ERROR: MIN_SIG_SCHEME_FOR_TARGET_SDK_NOT_MET: Target SDK version 30 requires a minimum of signature scheme v2; the APK is not signed with this or a later signature scheme

The instructions (under ‘learn more about signing’) all rely on using Android Studio to move forward. However, my app is not ‘in’ Android Studio.

What should I do next?

Hi @MastaBaba

You have to use Google Play Console to enable play app signing. Google play will generate a Keystore for you and manage all the signing processes. You don’t have to pre-sign your aab, you just need to upload the unsigned aab after enabling it in the web interface

Thanks @renanccastro,

Also when I don’t attempt to sign the .aab, I get presented with the three options I mention above. It is not clear to me for any of these how I need to proceed. The instructions that come with each do not provide the clarity I need to move forward.

Would you perhaps be able to point me to a walkthrough on what steps I need to take, next?

Thanks again.

I think this link might help you:

Thanks. That’s an interesting how-to. Buuuut, it doesn’t address one of the three options I’m faced with (the how-to talks about exporting a keystore from thunkable, which doesn’t apply to my case.)

Of the options Google gives me, I suspect I need to go with option 2, which tells me I need to execute this:

$ java -jar pepk.jar --keystore=foo.keystore --alias=foo --output=encrypted_private_key_path --encryptionkey={key}

The alias I know. It’s what I used with the initial keytool command.
I do not know what I should put for foo.keystore. Just {my-alias}.keystore?
I also do not know what I should put for encrypted_private_key_path. How do I figure that out?

@MastaBaba, you can follow this steps, the steps are using Mac OS:

  • Open the build in Android Studio
  • From the Android menu select Build > Generate Signed Bundle / APK…
  • Select Android App Bundle and click Next
  • Add your keystore details and at the bottom you should have the option Export encrypted key for enrolling published apps in Google Play App Signing - Check this and select your destination folder, Click next
  • Select your Build variant and click on Finish
  • In Google Play Console select Export and upload a key from Android Studio upload the encrypted key from the destination folder. The name should be private_key.pepk

You should be able to publish the .abb in Play Store

Thanks @cmboros, that looks like a useful guide.

I have never used Android Studio to get my apps in the Play Store, though. I just tried both meteor run android and meteor run android-device, assuming they are similar to meteor run ios-device, which I do use to get my app in the App Store, but though my meteor build works fine, and generates an .aab, neither of the meteor run android nor meteor run android-device work for me.

Specifically, I get the following spaghetti:

✗ Android target: Command failed with exit code 1: avdmanager list target
Exception in thread “main” java.lang.NoClassDefFoundError: javax/xml/bind/annotation/XmlSchema
Caused by: java.lang.ClassNotFoundException: javax.xml.bind.annotation.XmlSchema
at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(
at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(
at java.base/java.lang.ClassLoader.loadClass(
… 5 more

Any thoughts on this new challenge would be appreciated :slight_smile:

I have found that, using Android Studio, I can ‘just’ open the build which is created with meteor build. Huzzah!

Then, generating the ‘signed bundle or APK’, I need to fill in details of my existing key, which requires specifying the ‘Key store path’.

I have created my key like so (as per some other tutorial):

keytool -genkey -alias {{myalias}} -keyalg RSA -keysize 2048 -validity 10000

Note, I have not included a filename in this.

How do I figure out where my keystone file is, so that I can specify it in Android Studio?

Turns out my keystore was a hidden file, named .keystore, in my home folder.

Now, following @cmboros’s steps gave me a file, private_key.pepk, which I was able to upload, which then saw Google give me two certificates, deployment_cert.der and upload_cert.der.

Now, Google tells me there’s an error with my release:

This release does not add or remove any app bundles.

I started this process with uploading my .aab, but, on checking its existence, found it was no longer there.
Re-uploading the same .aab now gets me this:

The Android App Bundle was not signed.

Didn’t I just jump through the hoops exactly to get it signed by Apple?

I then tried signing the .aab in the way I had been doing with earlier builds:

jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 app-release.aab {{myalias}}

The, now signed, app-release.aab was now accepted by Google, and I managed to get it accepted as a new release for testing.

Thanks @renanccastro, @cmboros.