cdcilley asked ·

Sandbox - upload debug.keystore APK or "real" signed APK

I've been working on a dev kit building/debugging a custom application for a customer in Android Studio. The main activity deals a lot with their database, so up to now I haven't done anything really with Clover.

Following the example projects, I added in the code to create a MerchantConnector and such. When I make the call to "merchantConnector.getMerchant()" I get the error:
status code: 403 App doesn't have required permission: package bjccproductionsltd.com.cloversp does not have permission MERCHANT_R

I know this is because I have not uploaded my APK into the Sandbox. To date I've been using the Android Studio WiFi install/debug on the dev kit. These installed APKs are generated and signed using the debug.keystore. Can I upload this APK in the Sandbox? Will subsequent side-loading of debug-signed APKs work fine on the dev kit? When I'm ready to go into Production, I'll sign *that* APK for real. Will the fact that the Sandbox APK is signed differently from Production (both with the same package name) be a problem?

Jeffrey Blattman answered ·
Can I upload this APK in the Sandbox?
We don't care (or know) what cert you use to sign your APKs. Your cert (obviously) is what proves it was you that uploaded the APK, so keep that in mind. For example, your debug cert is typically not secured. On the other hand, sandbox isn't a production environment, so if the cert you used on sandbox was compromised it would not affect your real merchants. If it was me, I'd have a sandbox and production cert in addition to my debug cert, and keep both the production and sandbox certs secured.

Will subsequent side-loading of debug-signed APKs work fine on the dev kit?
No. Clover adds additional signatures to your developer-signed APK. You will not be able to sideload over an app installed from the Clover app market. We recommend that you install your app (from the app market, or from the developer console), then "adb uninstall" it, then sideload your developer-signed APK. What matters is that the Clover system thinks the app is installed to the merchant, not that any particular APK is installed. For the same reason you can't install over the market-signed APK, Clover won't be able to install over your sideloaded APK (which is probably what you want for development).

Will the fact that the Sandbox APK is signed differently from Production (both with the same package name) be a problem?
No, those environments (sandbox and prod) are completely separate.


cdcilley answered ·
Got it, thanks! I created a "release" version of my app using my keystore file and uploaded that to Clover. The missing piece (for development) is how to subsequently, and seamlessly, load and "Run" debuggable versions in Android Studio on, in my case, a Clover Station.

The following assumes you have already set up the wireless install/debug for the Clover device.

I'm currently running Android Studio, v3.0.1
+ Modify your build.gradle file to add the signingConfigs section and change buildTypes->debug. CloverSP is just the name of my app, I don't think it matters as long as the naming scheme matches.
android {
    compileSdkVersion 26

    signingConfigs{
        cdckey{
            keyAlias project.property('CloverSP.signing.keyalias')
            keyPassword project.property('CloverSP.signing.keypw')
            storeFile file(project.property('CloverSP.signing.storefile'))
            storePassword project.property('CloverSP.signing.storepw')
        }
    }

    defaultConfig {
        applicationId "bjccproductionsltd.com.cloversp"
        minSdkVersion 17
        targetSdkVersion 17
        versionCode 1
        versionName "0.1"
        testInstrumentationRunner "android.support.test.runner.AndroidJUnitRunner"
    }

    buildTypes {
        debug{
            signingConfig signingConfigs.cdckey
        }
        release {
            minifyEnabled false
            proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
        }
    }
}
+ Create a new file in the same folder as build.gradle called gradle.properties. It will look like this (passwords have been ***'ed out):
CloverSP.signing.keyalias=cloversp
CloverSP.signing.keypw=*****
CloverSP.signing.storefile=D:\\PATH\\TO\\myapp.keystore
CloverSP.signing.storepw=*****
+ If you use Subversion or any sort of Version Control, add the "gradle.properties" file to the excluded list - it is a security thing to keep this file (and your keys) only on your computer.

After you upload and then download (for the first time) your signed APK to the Clover marketplace, you can then just hit the Green arrow "Run" and use LogCat in Android Studio to help with development and debugging.
2 comments Share
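
Added example, not part of the original posts and not Clover's code: it compares the signer certificates reported by `apksigner verify --print-certs` for an installed APK and a candidate build, which is the check behind both the "you can't sideload over a market-installed app" answer and the build.gradle change that signs debug builds with the uploaded key. The digests are constructed placeholders; the extra signer on a market-installed APK and the exact-match rule (Android without key rotation) are assumptions.

```python
import re

# Line format printed by `apksigner verify --print-certs <apk>`.
DIGEST_LINE = re.compile(
    r"^Signer #\d+ certificate SHA-256 digest: ([0-9a-fA-F]{64})\s*$", re.M)

def signer_digests(apksigner_output):
    """Set of signer-certificate SHA-256 digests found in the tool output."""
    found = frozenset(d.lower() for d in DIGEST_LINE.findall(apksigner_output))
    if not found:
        raise ValueError("no signer certificate digests found")
    return found

def compare_signers(installed, candidate):
    """Assumption: with no key rotation, Android installs `candidate` over
    `installed` only when both carry exactly the same signer certificates."""
    have, new = signer_digests(installed), signer_digests(candidate)
    return {"install_over_ok": have == new,
            "missing_from_candidate": sorted(have - new),
            "unexpected_in_candidate": sorted(new - have)}

# Constructed placeholder digests, not real certificates.
DEV_KEY = "a1" * 32      # keystore used for the uploaded APK
DEBUG_KEY = "d0" * 32    # default debug.keystore
MARKET_KEY = "c7" * 32   # stands in for a signature added by the market

def sample_output(*digests):
    """Build constructed apksigner-style output for the given signers."""
    lines = ["Verifies", "Number of signers: %d" % len(digests)]
    for n, digest in enumerate(digests, 1):
        lines.append("Signer #%d certificate DN: CN=constructed-%d" % (n, n))
        lines.append("Signer #%d certificate SHA-256 digest: %s" % (n, digest))
    return "\n".join(lines)

if __name__ == "__main__":
    cases = {
        "sideloaded release, then default debug build":
            (sample_output(DEV_KEY), sample_output(DEBUG_KEY)),
        "sideloaded release, then debug build signed with same key":
            (sample_output(DEV_KEY), sample_output(DEV_KEY)),
        "market-installed APK, then debug build signed with same key":
            (sample_output(DEV_KEY, MARKET_KEY), sample_output(DEV_KEY)),
    }
    for name, (installed, candidate) in cases.items():
        print(name, "->", compare_signers(installed, candidate))
```

To use it on real builds, pass the captured `apksigner verify --print-certs` output for the APK pulled from the device and for the APK Android Studio produced.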

Did you get it working?
If I follow all the steps, once I load my app again I lose the permissions.


Same issue here. INVENTORY_R permission is gone on subsequent loads. If I want to re-upload the apk I have to bump the version. I have not resorted to this yet, but I'm sure given every other issue this SDK has thrown at me it would show up another one that requires hours of trawling through the community to find an answer.
