Extracting a SHA-1 or SHA-256 fingerprint for Google Play app signing
Some Android developers may elect to sign their apps using Google Play and allow Google to manage the app signing certificate. In order to sign apps on Google Play after signing the app on Appdome, you need to first extract a SHA-1 or SHA-256 Fingerprint from the Google Play signing certificate.
This Knowledge Base article provides instructions on how to extract a SHA-1 or SHA-256 fingerprint from a Google Play signing certificate in order to sign and manage certificates on Google Play.
How to sign apps on Google Play
Appdome is a mobile integration platform as a service (iPaaS) that allows users to add a wide variety of features, SDKs and APIs to Android and iOS apps. Using a simple ‘click to add’ user interface, Appdome allows anyone to easily integrate features to any mobile app – instantly, no code or coding required.
To use Appdome’s signing or private signing with an app meant to be re-signed on Google Play, you need to extract the SHA-1 or SHA-256 fingerprint from the app signing certificate from your Google Play account.
To sign apps on Google Play, you need to enable the option “Use Google Play App Signing“ while signing on the Appdome platform before uploading the Appdome-built app to Google Play. This option is located under the “Sign” tab after you fuse an Android app. If you don’t enable “Use Google Play App Signing“ when you sign or privately sign your app on the Appdome platform, Google Play re-signing will trigger the Appdome Anti-Tampering security mechanism.
How to Extract a SHA-1 or SHA-256 Fingerprint from the Google Play Signing Certificate
Navigate to the Google Play Console and log-in
- Choose the application you are signing
- Go to Release Management –> App Signing
- Copy /Download the SHA-1 or SHA-256 certificate fingerprint from the App signing certificate section
This app signing certificate (SHA-1 or SHA-256) is the fingerprint of the final signing certificate that will be distributed via Google Play. Insert this value while signing or private signing on Appdome.
Signing on the Appdome platform:
The reason Appdome requires this value is that several Anti-Tampering techniques within Appdome ONEShield rely on the final signing certificate fingerprint in order to protect the application and verify that it has not been re-signed by an attacker or otherwise tampered with.
For more information on Google App signing, visit this resource.
To zoom out on this topic, visit Appdome for Mobile App Security on our website.