# Guidance of changing signing key

* Due to the recent changes in Google's content app payment policy, there is an increasing number of cases where the package name or signing key needs to be changed.
* In order to prevent users from leaving the current apps and also ensure smooth and seamless updates, please refer to the guide below on how to make necessary modifications.

<figure><img src="/files/tu07b2IRJoAUfLgzAFrD" alt=""><figcaption></figcaption></figure>

<br>

#### App Links Specification <a href="#guidanceofchangingsigningkey-applinksspecification" id="guidanceofchangingsigningkey-applinksspecification"></a>

Details can be found on the [App Links Developer Guide.](broken://pages/CrMDAHSZppvvs6POapWl)

<br>

#### &#x20;How to check the signing key of the installed product <a href="#guidanceofchangingsigningkey-howtocheckthesigningkeyoftheinstalledproduct" id="guidanceofchangingsigningkey-howtocheckthesigningkeyoftheinstalledproduct"></a>

After obtaining the certificate fingerprint of the installed app, check that it is the same as the certificate fingerprint of the signing key that it will be compared to.

**Example of how to verify the certificate SHA-256 digest of an installed app**

```java
val certs = runCatching {
    if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) {
        val signingInfo = packageManager.getPackageInfo(packageName, PackageManager.GET_SIGNING_CERTIFICATES).signingInfo
        if (signingInfo.hasMultipleSigners()) {
            signingInfo.apkContentsSigners
        } else {
            signingInfo.signingCertificateHistory
        }
    } else {
        packageManager.getPackageInfo(packageName, PackageManager.GET_SIGNATURES).signatures
    }
}.mapCatching {
    it.map {
        val encodedCert = CertificateFactory.getInstance("X509").generateCertificate(ByteArrayInputStream(it.toByteArray())).encoded
        MessageDigest.getInstance("SHA-256").digest(encodedCert).toHexString()
    }
}.recoverCatching {
    // handle exceptions
    throw it
}.getOrNull()
 
fun ByteArray.toHexString() = joinToString(separator = "") { "%02x".format(it) }
```

**Please note:**

* Android API reference
  * <https://developer.android.com/reference/android/content/pm/PackageManager#getPackageInfo(java.lang.String,%20int)>
  * <https://developer.android.com/reference/android/content/pm/PackageManager#getPackageInfo(java.lang.String,%20android.content.pm.PackageManager.PackageInfoFlags)>
  * <https://developer.android.com/reference/android/content/pm/PackageManager#GET_SIGNATURES>
  * <https://developer.android.com/reference/android/content/pm/PackageManager#GET_SIGNING_CERTIFICATES>
* To retrieve the information of other packages at API level 30 or higher, you must apply package visibillity.
  * <https://developer.android.com/training/package-visibility/declaring?hl=ko#package-name>
* The fingerprint of the signing key certificate can be checked on Play Console when using Google Play App Signing, and can be extracted using keytool, apksigner, etc. if you signed it yourself.

#### &#x20;How to check the app source information of installed products <a href="#guidanceofchangingsigningkey-howtochecktheappsourceinformationofinstalledproducts" id="guidanceofchangingsigningkey-howtochecktheappsourceinformationofinstalledproducts"></a>

When an app is installed, the name of the store or installer where the app was installed is saved. This can be found in Settings > Applications > Application Information.

| <p>ONE store App Source</p><p>Information</p> | <p>Google Play App Source</p><p>Information</p> | <p>Galaxy Store App Source</p><p>Information</p> |
| --------------------------------------------- | ----------------------------------------------- | ------------------------------------------------ |
| ![](/files/Tejq8Rr0rn39h4vBL2LK)              | ![](/files/Uabn0ga2MmMm8VISxuyw)                | ![](/files/Ej2uk5WgnVjHzleevKj0)                 |

After obtaining the installer package name of the installed app, crosscheck with the package name on the store to check the app source information.

**Package name for each store**

* ONE store<br>
  * com.skt.skaf.A000Z00040
  * com.kt.olleh.storefront
  * com.kt.olleh.istore
  * com.lguplus.appstore
  * android.lgt.appstore
* &#x20;Google Play
  * com.android.vending
* &#x20;Galaxy Store
  * com.sec.android.app.samsungapps

**Example of how to check the app source information for installed apps**

```java
val installer = runCatching {
    if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.R) {
        packageManager.getInstallSourceInfo(packageName).installingPackageName
    } else {
        packageManager.getInstallerPackageName(packageName)
    }
}.getOrNull()
```

<br>

**Please note:**

* Android API reference
  * <https://developer.android.com/reference/android/content/pm/PackageManager#getInstallSourceInfo(java.lang.String)>
  * <https://developer.android.com/reference/android/content/pm/PackageManager#getInstallerPackageName(java.lang.String)>
* &#x20;To retrieve the information of other packages at API level 30 or higher, you must apply package visibility filtering.
  * <https://developer.android.com/training/package-visibility/declaring?hl=ko#package-name>

<br>

#### &#x20;How to request to delete a product <a href="#guidanceofchangingsigningkey-howtorequesttodeleteaproduct" id="guidanceofchangingsigningkey-howtorequesttodeleteaproduct"></a>

The DELETE\_PACKAGES (or REQUEST\_DELETE\_PACKAGES) permission is required for an app to have its own delete function.\
Because this is not a standard permission, users will be directed to the application information screen so that they can delete it directly.

\
**How to navigate to the application information screen of apps to delete**

```java
startActivity(Intent(Settings.ACTION_APPLICATION_DETAILS_SETTINGS, Uri.parse("package:$packageName")).apply {
    addFlags(Intent.FLAG_ACTIVITY_NEW_TASK)
})
```

<br>

**Please note:**

* Android API reference
  * <https://developer.android.com/reference/android/provider/Settings#ACTION_APPLICATION_DETAILS_SETTINGS>

| <p>Example screen for request to delete a product</p><p>(implemented in the app)</p>                                                           | Application information screen   |
| ---------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------- |
| <p><img src="/files/k9FrpVlUbzjsG9XFkt3X" alt=""></p><p>When touch the \[Delete] button</p><p>to go to the application information screen.</p> | ![](/files/Wa1voiPJZguBtlC7Vnw0) |


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://onestore-dev.gitbook.io/dev/chi/docs/apps/android/app-signing/guidance-of-changing-signing-key.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.