Jeffrey Blattman avatar image
Jeffrey Blattman posted zgreathouse Deactivated edited

How to sideload an APK onto Clover devices for development

As you probably already know, your Clover app needs to exist in your developer console and be installed to your test merchant before you'll be able to use Clover services. Installing to your test merchant causes the Clover device to download additional meta data about your app allowing it to use Clover services.

Once installed to your test merchant, your Clover development device will download and install your APK. If you attempt to sideload a development version of your APK on top of this, it will fail:

$ adb install -r test.apk
1 file pushed. 6.4 MB/s (887871 bytes in 0.132s)  
    pkg: /data/local/tmp/test.apk

This will occur even if you are signing your APK with same certificate as what you used to sign the APK that is uploaded to your developer console.

The reason is that Clover adds additional signatures to your APK when it's uploaded to the developer console. While your certificate is used prove you authored the app, this second certificate is used to prove additionally that the app came from Clover. Because your app, as it is downloaded from the Clover App Market, is "double signed" in this manner, it's certificates do not match what you've signed locally in your development environment.

The Workaround

To get around this,
  1. Make sure the app is installed and downloaded from the Clover App Market.
  2. Uninstall the Clover App Market double-signed APK from the device using the adb uninstall command.
  3. Install your developer single-signed APK.
  4. Manually sync the device with the sync button found at the top right of the Register App and various other Clover Apps

$ adb uninstall com.example.test
$ adb install -r test.apk 
1 file pushed. 6.4 MB/s (887871 bytes in 0.133s)
    pkg: /data/local/tmp/test.apk

You only need to do this once. The Clover device will not update your single-signed APK. In fact, it cannot, for the same reason you could not update the previously installed double-signed APK.

As far as the Clover is concerned, the app is still installed to the device, so all of your app's meta data still exists, including the app's auth token and permissions.

Here's a video instructions as well:

Store your development and release certificates in a secure location. Never commit them to a source repository, even if it's not publicly accessible.

App MarketSandboxDevKit
1 comment
10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Dan avatar image Dan commented ·

Thanks Jeffrey, I think it should additionally be noted that you cannot uninstall the app otherwise it will be invalidated. This wasn't always the case and doesn't seem to be documented anywhere.

0 Likes 0 ·

Welcome to the
Clover Developer Community



zgreathouse contributed to this article miguel contributed to this article jeff contributed to this article