Background:
I have integrated the HMS Core SDK for a game, and recently, submitted a game update for review, but it is rejected because the app signature differs from that of my released game.
I’ve written the following troubleshooting guide to help resolve this problem.
Troubleshooting
1. Check whether the current app version is the same as the previous version.
View the fingerprint certificate in the project.
a. Open the CLI and run the keytool -list –v –keystore [file path] command.
b. Enter the keystore password.
c. View the current signing certificate fingerprint.
View the APK signature.
a. Run keytool -printcert -jarfile xxx.apk (APK file path).
b. The following information is displayed.
c. You can view the SHA-256 certificate fingerprint of the current APK. Check whether this value of the two app versions is consistent.
Then check whether the two fingerprints are consistent with that in your project.
2. If the certificate fingerprints are inconsistent, this can be caused by two different reasons. The first one is that the two APKs have been packaged using different signature files. If they are inconsistent, you should first check whether the .jks or keystore files used for app signing in the project are consistent. Or, you can check whether you have used keystore files from different environments or platforms.
Example:
The .jks or keystore files used for the debug and release environments are different. You need to ensure that each .jks or keystore file matches the environment. For example, you cannot configure the .jks or keystore file in debug to the release environment.
3. If the .jks or keystore files are consistent, you need to check whether an automatic process has been used for packaging and signing. If so, check whether DEX file encryption has been used, which can lead to inconsistent signatures.
I have integrated the HMS Core SDK for a game, and recently, submitted a game update for review, but it is rejected because the app signature differs from that of my released game.
I’ve written the following troubleshooting guide to help resolve this problem.
Troubleshooting
1. Check whether the current app version is the same as the previous version.
View the fingerprint certificate in the project.
a. Open the CLI and run the keytool -list –v –keystore [file path] command.
b. Enter the keystore password.
c. View the current signing certificate fingerprint.
View the APK signature.
a. Run keytool -printcert -jarfile xxx.apk (APK file path).
b. The following information is displayed.
c. You can view the SHA-256 certificate fingerprint of the current APK. Check whether this value of the two app versions is consistent.
Then check whether the two fingerprints are consistent with that in your project.
2. If the certificate fingerprints are inconsistent, this can be caused by two different reasons. The first one is that the two APKs have been packaged using different signature files. If they are inconsistent, you should first check whether the .jks or keystore files used for app signing in the project are consistent. Or, you can check whether you have used keystore files from different environments or platforms.
Example:
The .jks or keystore files used for the debug and release environments are different. You need to ensure that each .jks or keystore file matches the environment. For example, you cannot configure the .jks or keystore file in debug to the release environment.
3. If the .jks or keystore files are consistent, you need to check whether an automatic process has been used for packaging and signing. If so, check whether DEX file encryption has been used, which can lead to inconsistent signatures.
Last edited:
