AAB file signing tutorial

Hello everyone!
I have prepared a guide for signing AAB files.
I also posted it in the Kodular community but thought it would be helpful if I posted it here as well:)

  • Step 1: Sign in to the Google Play Console and create a new version of your application.

  • Step 2: We now need to sign up for the Play app signing program, so click on opt-in.

  • Step 3: Now select the second option (Export and upload a key from Java keystore) and download the PEPK tool.

  • Step 4: Download the Keystore of your application from App Inventor:

  • Step 5: Copy the following code and paste it into the text editor:

java -jar Path to pepk.jar --keystore=Path to keystore --alias=Enter the alias here, usually applications built in App Inventor should have the alias: androidkey --output=The path to export the private key file (what needs to be uploaded to Play App Signing) It should be a zip file! --encryptionkey=Enter the sequel here (this is already entered in what you copied from the Play App Signing)

  • Step 6: Now replace the bold text with the one for you. In the line: Enter the sequel here (this is already entered in what you copied from the Play App Signing) Replace with the code you will see in the Play App Signing:

  • Step 7: Once you have filled in all the details, copy everything and paste it into the terminal, then press Enter. You will now be asked to enter the password for the store; for applications built in App Inventor the password should be android.
    You will then be asked to enter the password for the key; this too should be android (in applications built in App Inventor).
  • Step 8: If you did everything right then you will see a new zip file in the path where you instructed to export the file.
    Upload this file to the Play app signing.
  • Step 9: Now export your application (from App Inventor) as an AAB file and you can upload it in the new version.
    And that’s it! You can now upload AAB files!
9 Likes

See also

4 Likes

Hmm.. Do we want to do this :thinking:. I think I haven't done this when I first uploaded my app (APK format) using MIT App Inventor.

2 Likes

Well, new apps must use AAB and soon we will have to use AAB for existing apps as well

3 Likes

No, as I said in the guide:

2 Likes

Do we want to do what?

2 Likes

My mistake.

I was probably confused because of the API 30 targeting for existing apps


However I believe Google will require this in the future

1 Like

I don't think so, because Google has had enough time to think about it and set its guidelines.

3 Likes

We've discussed this internally as well, and we think that part of the reason that existing apps won't be required to move to using AABs is that the signing keys needed for PAS may have been generated by hardware security modules and therefore cannot be extracted. Therefore, apps published in this way must continue to proceed as is because there is no physical way to turn over the signing key to Google (needed because Android won't accept updated APKs if the signatures don't match). This is just speculation though.

3 Likes

That doesn't convince me, because it is optional whether I stay with APKs or switch to AABs.

Sure. I wasn't implying you couldn't switch as a personal choice, only that circumstances exist by which I don't think Google could force the switch.

3 Likes

I already did the procedure and I still have not been able to sign it. From step 5 onward I get lost. I don't know if you could be more specific, because it doesn't let me copy and paste, and when it comes to replacing the bold letters I don't know what to do. Can you help me?

If it's a new application try signing in again with this template:

java -jar Path to pepk.jar --keystore=Path to keystore --alias=Enter the alias here, usually applications built in Kodular should have the alias: androidkey --output=The path to export the private key file (what needs to be uploaded to Play App Signing) It should be a zip file! --include-cert --encryptionkey=Enter the sequel here (this is already entered in what you copied from the Play App Signing)
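
The step 5 template from the guide and the --include-cert variant just above, with each placeholder turned into a named argument (an added example, not part of any post in this thread). The function name, file names and key value are hypothetical; it only checks the inputs and prints the finished command, so the store and key passwords are still typed at pepk's prompts as in step 7 and never appear on the command line.

```shell
#!/bin/sh
# Added example (not from the thread): assembles the pepk command from the
# guide's template. File names and the key value used with it are placeholders.

# build_pepk_cmd PEPK_JAR KEYSTORE ALIAS OUTPUT_ZIP ENCRYPTION_KEY [include-cert]
# Prints the finished command on stdout, or an error on stderr and returns 1.
# Usage: build_pepk_cmd ./pepk.jar ./android.keystore androidkey ./private_key.zip "$KEY"
build_pepk_cmd() {
    pepk_jar=$1 keystore=$2 key_alias=$3 output=$4 enc_key=$5 cert_opt=${6:-}

    [ -f "$pepk_jar" ] || { echo "pepk.jar not found: $pepk_jar" >&2; return 1; }
    [ -f "$keystore" ] || { echo "keystore not found: $keystore" >&2; return 1; }
    [ -n "$key_alias" ] || { echo "alias is empty" >&2; return 1; }

    # The guide requires the exported private key file to be a zip file.
    case $output in
        *.zip) ;;
        *) echo "output must end in .zip: $output" >&2; return 1 ;;
    esac
    # Do not silently replace an earlier export.
    [ ! -e "$output" ] || { echo "output already exists: $output" >&2; return 1; }

    # Assumption: the key copied from Play App Signing is a single token, so
    # embedded spaces or line breaks indicate a broken copy and paste.
    case $enc_key in
        ''|*[[:space:]]*)
            echo "encryption key is empty or contains whitespace" >&2
            return 1 ;;
    esac

    # Optional flag from the second template in the thread.
    extra=
    [ "$cert_opt" = include-cert ] && extra=' --include-cert'

    printf 'java -jar "%s" --keystore="%s" --alias=%s --output="%s"%s --encryptionkey=%s\n' \
        "$pepk_jar" "$keystore" "$key_alias" "$output" "$extra" "$enc_key"
}
```
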

Why?
It is not necessary to switch to Google's Play App Signing (PAS) for existing apps that have been uploaded and published as APK. I would advise anyone not to opt for PAS as it just makes things unnecessarily complicated.

You don't have a choice for new apps, but then there is no problem with signing the AAB.

I agree with you, but the guide explains the process required for both existing and new applications

In addition, I can confirm that even after registering for PAS the APK can still be used

For new apps (i.e. for AABs) you just have to make sure that a new keystore is used. That's all.

2 Likes

The manual is not very descriptive; from step 5 onward it is not very clear.

As I already explained before, there is no need to follow this guide.

So what is your suggestion for new apps, which require aab to keep it as simple as possible?
As we know, for already uploaded apps before August 21 we can continue to upload apks...

Taifun

As I already said: