question

Alan avatar image
Alan asked Alan commented

App Updater Failed, New package has a different signature

UPDATE 20th April 19:15:

It appears the same issue with the token regenerisation is still happening :(

The latest version of the app installed okay with the new permission after uninstalling.

The only reason I can think of for the 'different signature' problem to have happened, is if I had uninstalled the clover signed app, and reinstalled directly from a sideloaded version. However I'm using the same signing for both, so I'm not sure how that works either?

Original Question 20th April 19:00:

My sandbox clover app updater is failing for a new version of my APK I'm getting this on logcat:

W/PackageManager: New package has a different signature: <my apps package name...>

I initially uploaded an APK via the sandbox clover website, and installed to get permissions to use the API.

I have since been sideloading, but now need to add to the permissions, so I've checked the new ones and uploaded a new APK with the same signing and key. The upload works fine, and even reaches the App Updater app on clover mini (real physical dev kit) but almost instantly shows 'Install Failed'

I have tried:

  1. Another signing to see if it was that, but as expected I couldn't even get the APK to upload as they didn't match
  2. Signing with only v1 signing ticked in the new android studio signing options (It now allows v2). This also didn't change anything
  3. Multiple restarts and app updater and app store cache clears (Until I found the log above confirming it was something specific)

I have yet to try an uninstall, as I recently hit an issue with token regeneration after an uninstall.

I'll probably trigger it now, and hope that issue is faster than 24hrs this time. I'd still love to know if i'm doing something wrong here, and whether there's anything I need to know about updating permissions on production after an initial app release.

Thanks, Alan

6 comments
10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Jeffrey Blattman avatar image Jeffrey Blattman ♦♦ commented ·

App updates and tokens are not related. If you sideloaded your APK, you are always going to get this since it won't be signed with the Clover store signature.

0 Likes 0 ·
Alan avatar image Alan commented ·

Hi Jeff, are you saying if I install an app from the clover app store, then sideload on top of that, that i can't later update from the app store? Was there another option other than uninstalling the app after sideloading over the app store install, to get the updated permissions?

0 Likes 0 ·
Jeffrey Blattman avatar image Jeffrey Blattman ♦♦ commented ·

You cannot install any app on top of the same app unless it's signed identically. I can't really say anymore without knowing how you sign your apps and with what keys. The log you pasted seems to indicate the problem however. It's not related to tokens. The fix for tokens has not been released yet. The workaround is to uninstall (from the store) and re-install (from the store). Sideloading is not going to do it.

0 Likes 0 ·
Alan avatar image Alan commented ·

The token thing is fine, I understand why and the workaround. My question was about the error I got from: AppStore install->sideload->appstore update

I'm able to sideload over an app store install but not update over that same sideload. That wouldn't be a huge deal if it wasn't for the 24hr auth token issue that comes with uninstalling. Does that make sense?

0 Likes 0 ·
Jeffrey Blattman avatar image Jeffrey Blattman ♦♦ commented ·

Yes, makes sense.

0 Likes 0 ·
Show more comments

1 Answer

Jeffrey Blattman avatar image
Jeffrey Blattman answered Alan commented

Your locally-signed APK will not have the same signature as the APK installed from our app store. For security reasons, we add additional signatures beyond your developer signature. The only solution I know of here is to manually uninstall the app store installed APK and then sideload your APK.

3 comments
10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Alan avatar image Alan commented ·

And just to note, currently uninstalling apps causes API tokens to expire and not regenerate properly for up to 24hrs. So best to plan uninstalls at the end of the work day @Pavan . However, It's possible to generate an API token manually from the merchants settings, so you're not left too stuck if you're using the API. It's just painful to simulate/test initially getting auth tokens during clean installs.

0 Likes 0 ·
pavan avatar image pavan commented ·

@Alan thanks the token generating issue i getting in clover station where i am using android sdk to get auth token then clover team suggested to use me forceful auth token here is link may be help it to u using this my token issue is solved

https://devask.clover.com/question/77...

0 Likes 0 ·
Alan avatar image Alan commented ·

Thanks @Pavan

0 Likes 0 ·

Welcome to the
Clover Developer Community