AAB file signing tutorial

We've discussed this internally as well, and we think that part of the reason that existing apps won't be required to move to using AABs is that the signing keys needed for PAS may have been generated by hardware security modules and therefore cannot be extracted. Therefore, apps published in this way must continue to proceed as is because there is no physical way to turn over the signing key to Google (needed because Android won't accept updated APKs if the signatures don't match). This is just speculation though.


That doesn't convince me, because it is optional whether I stay with APKs or switch to AABs.

Sure. I wasn't implying you couldn't switch as a personal choice, only that circumstances exist by which I don't think Google could force the switch.


ya hice le procedimiento y aun no he podido firmarla, a partir del paso 5 me pierdo, no se si pueda ser mas especifica, por que no deja copiar y pegar y en el caso de la sustitución de las letras negras no se que hacer, me pueden ayudar.

If it's a new application try signing in again with this template:

java -jar Path to pepk.jar --keystore=Path to keystore --alias=Enter the alias here, usually applications built in Kodular should have the alias: androidkey --output=The path to export the private key file (what needs to be uploaded to Play App Signing) It should be a zip file! --include-cert --encryptionkey=Enter the sequel here (this is already entered in what you copied from the Play App Signing)

It is not necessary to switch to Google's Play App Signing (PAS) for existing apps that have been uploaded and published as APK. I would advise anyone not to opt for PAS as it just makes things unnecessarily complicated.

You don't have a choice for new apps, but then there is no problem with signing the AAB.

I agree with you, but the guide explains the process required for both existing and new applications

In addition, I can confirm that even after registering for PAS the APK can still be used

For new apps (i.e. for AABs) you just have to make sure that a new keystore is used. That's all.


no es muy descriptivo el manual, a partir del paso 5 no es muy claro

As I already explained before, there is no need to follow this guide.

So what is your suggestion for new apps, which require aab to keep it as simple as possible?
As we know, for already uploaded apps before August 21 we can continue to upload apks...


As I already said:

Then before creating a new keystore let me suggest to first backup the old keystore because for the older apps you still might want to use it...


1 Like

Yes, definitely!


I'm afraid I don't understand steps 5 or 6.

Have you seen this post?

Yeah, I saw it. I don't understand it.

You don't have to understand because it isn't necessary.

It is if I want to make my new version of my app an Android Bundle which I do. I know I don't have to. I've decided I want to. I'm trying to distinguish my stupid product in a over-crowded field of equally-stupid products. It may not work. I want to try it.

Look, you're not helping. Stop. Just stop.

Ok, if you want to make your life harder than necessary, go ahead ... :upside_down_face:

1 Like