Extracting a SHA-1 or SHA-256 Fingerprint from the Google Play Signing Certificate

Some Android developers may elect to sign their apps using Google Play (instead of signing the Fused app on Appdome) and allow Google to manage the signing certificate. In order to do this, you need to extract a SHA-1 or SHA-256 Fingerprint from the Google Play signing certificate.

This Knowledge Base article provides instructions on how to extract the SHA-1 or SHA-256 fingerprint from a Google Play signing certificate when the developer has selected Google to manage the certificates.

Extracting SHA-1 or SHA-256 Fingerprint from Google Play App Signing Certificate

Appdome is a mobile integration platform as a service (iPaaS) that allows users to add a wide variety of features, SDKs and APIs to Android and iOS apps. Using a simple ‘click to add’ user interface, Appdome allows anyone to easily integrate features to any mobile app – instantly, no code or coding required.

To use Appdome’s private signing, you need the SHA-1 or SHA-256 fingerprint from the signing certificate from your Google Play account.

If you enable Google app signing when uploading your Fused app to Google Play, you need to enable “Private Signing” on Appdome before uploading the fused app to Google Play. The Private Signing option is located under the “Sign” tab after you fuse an Android app.  If you don’t enable Private Signing, when you sign the app on Google Play will trigger Appdome Anti-Tampering.

Prerequisites

  1. Appdome account
  2. Android App
  3. Application uploaded to Google PlayStore
  4. Signing Credentials

How to Extract a SHA-1 or SHA-256 Fingerprint from the Google Play App Signing Certificate

After logging into Google Play you can obtain the needed SHA-1 or SHA-256 certificate fingerprint and copy that into Appdome for Private Signing or on platform signing.

  1. Navigate to the Google Play Console and login
  2. Choose the application you are signing
  3. Go to Release Management –> App Signing
  4. Copy /Download the SHA-1o r SHA-256 certificate fingerprint from the App signing certificate section

This app signing certificate SHA-1 or SHA-256 is the fingerprint of the final singing certificate that will be distributed via Google Play. Insert this value while signing on Appdome. The reason Appdome requires this value is that several Anti-Tampering techniques within Appdome ONEShield rely on the final signing certificate fingerprint in order to protect the application and verify it has not been re-signed by an attacker or otherwise tampered with.

For more information on Google App signing, visit this resource.

To zoom out on this topic, visit  Appdome for Mobile App Security on our website.

How Do I Learn More?

Check out Appdome blog or request a demo at any time.
If you have any questions, please send them our way at support@appdome.com or via the chat window on the Appdome platform.

Thank you!

Thanks for visiting Appdome! Our mission is to make mobile integration easy. We hope we’re living up to the mission with your project. If you don’t already have an account, you can sign up for free.

Paul Levasseur

Have a question?

Ask an expert