My original Android version of TXT-2-PARK has been in the Google Play Store for a little over a week now. But it was only on Saturday that I decided to install the release version onto my phone from the store itself, and found a problem.
The application would download just fine, but at the point at which it started installing the Play Store app would complain, reporting that the “Package is not signed correctly“, or words to that effect, and refuse to install the app.
This was puzzling since I had had no such problem with my previous published app (the Simple Battery Widget). Not to mention that any issue with the signing of the app would surely have been identified when I uploaded the APK ?
After a bit of digging I found a number of people had had similar issues.
In some cases, where a dev/debug build had previously been installed on a device (as in my case), the problem was resolved by clearing the Play Store app cache, in others it required clearing ALL the Play Store app data.
Unfortunately this didn’t fix the problem for me.
A little more digging threw up the fact that for some reason some devices – but not all – seem to have trouble validating app signatures if they have been signed with the Java 7 or 8 SDK’s. The suggested solution in that case is to revert to the Java 6 SDK.
In my current Windows 8.1 VM where I do my RO Elements work, I had indeed replaced my previous Java 6 SDK with Java 7.
So I installed the Java 6 SDK, updated the necessary references in the PATH and Visual Studio (Oxygene) settings, rebuilt my Android solution, re-submitted to the Play Store and… problem solved. 🙂
Which just leaves the question of why the Play Store validation process accepts the signature on an app which the Play Store app then rejects.
But whatever the reason, it seems that signing apps with jarsigner from the Java 6 SDK is the way to avoid this particular problem.
NOTE: This is not an Oxygene issue but one that could affect the signing of any Android app using the Java SDK tools.
Just, Java 6 has been EOLed a year and a half ago, and no security path has been released since.
Very good solution indeed, install an outdated, no longer maintained vulnerable SDK on your dev machine….
Take care nothing on your system can use Java 6 but you to sign executables.