Guidance of changing signing key

Due to the recent changes in Google's content app payment policy, there is an increasing number of cases where the package name or signing key needs to be changed.
In order to prevent users from leaving the current apps and also ensure smooth and seamless updates, please refer to the guide below on how to make necessary modifications.

App Links Specification

Details can be found on the App Links Developer Guide.

How to check the signing key of the installed product

After obtaining the certificate fingerprint of the installed app, check that it is the same as the certificate fingerprint of the signing key that it will be compared to.

Example of how to verify the certificate SHA-256 digest of an installed app

val certs = runCatching {
    if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) {
        val signingInfo = packageManager.getPackageInfo(packageName, PackageManager.GET_SIGNING_CERTIFICATES).signingInfo
        if (signingInfo.hasMultipleSigners()) {
            signingInfo.apkContentsSigners
        } else {
            signingInfo.signingCertificateHistory
        }
    } else {
        packageManager.getPackageInfo(packageName, PackageManager.GET_SIGNATURES).signatures
    }
}.mapCatching {
    it.map {
        val encodedCert = CertificateFactory.getInstance("X509").generateCertificate(ByteArrayInputStream(it.toByteArray())).encoded
        MessageDigest.getInstance("SHA-256").digest(encodedCert).toHexString()
    }
}.recoverCatching {
    // handle exceptions
    throw it
}.getOrNull()
 
fun ByteArray.toHexString() = joinToString(separator = "") { "%02x".format(it) }

Please note:

Android API reference
To retrieve the information of other packages at API level 30 or higher, you must apply package visibillity.
- https://developer.android.com/training/package-visibility/declaring?hl=ko#package-name
The fingerprint of the signing key certificate can be checked on Play Console when using Google Play App Signing, and can be extracted using keytool, apksigner, etc. if you signed it yourself.

How to check the app source information of installed products

When an app is installed, the name of the store or installer where the app was installed is saved. This can be found in Settings > Applications > Application Information.

ONE store App Source

Information

Google Play App Source

Information

Galaxy Store App Source

Information

After obtaining the installer package name of the installed app, crosscheck with the package name on the store to check the app source information.

Package name for each store

ONE store
- com.skt.skaf.A000Z00040
- com.kt.olleh.storefront
- com.kt.olleh.istore
- com.lguplus.appstore
- android.lgt.appstore
Google Play
- com.android.vending
Galaxy Store
- com.sec.android.app.samsungapps

Example of how to check the app source information for installed apps

val installer = runCatching {
    if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.R) {
        packageManager.getInstallSourceInfo(packageName).installingPackageName
    } else {
        packageManager.getInstallerPackageName(packageName)
    }
}.getOrNull()

Please note:

Android API reference
- https://developer.android.com/reference/android/content/pm/PackageManager#getInstallSourceInfo(java.lang.String)
- https://developer.android.com/reference/android/content/pm/PackageManager#getInstallerPackageName(java.lang.String)
To retrieve the information of other packages at API level 30 or higher, you must apply package visibility filtering.
- https://developer.android.com/training/package-visibility/declaring?hl=ko#package-name

How to request to delete a product

The DELETE_PACKAGES (or REQUEST_DELETE_PACKAGES) permission is required for an app to have its own delete function. Because this is not a standard permission, users will be directed to the application information screen so that they can delete it directly.

How to navigate to the application information screen of apps to delete

startActivity(Intent(Settings.ACTION_APPLICATION_DETAILS_SETTINGS, Uri.parse("package:$packageName")).apply {
    addFlags(Intent.FLAG_ACTIVITY_NEW_TASK)
})

Please note:

Android API reference
- https://developer.android.com/reference/android/provider/Settings#ACTION_APPLICATION_DETAILS_SETTINGS

Example screen for request to delete a product

(implemented in the app)

Application information screen

When touch the [Delete] button

to go to the application information screen.

Last updated 6 months ago

val certs = runCatching { if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) { val signingInfo = packageManager.getPackageInfo(packageName, PackageManager.GET_SIGNING_CERTIFICATES).signingInfo if (signingInfo.hasMultipleSigners()) { signingInfo.apkContentsSigners } else { signingInfo.signingCertificateHistory } } else { packageManager.getPackageInfo(packageName, PackageManager.GET_SIGNATURES).signatures } }.mapCatching { it.map { val encodedCert = CertificateFactory.getInstance("X509").generateCertificate(ByteArrayInputStream(it.toByteArray())).encoded MessageDigest.getInstance("SHA-256").digest(encodedCert).toHexString() } }.recoverCatching { // handle exceptions throw it }.getOrNull() fun ByteArray.toHexString() = joinToString(separator = "") { "%02x".format(it) }

val installer = runCatching { if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.R) { packageManager.getInstallSourceInfo(packageName).installingPackageName } else { packageManager.getInstallerPackageName(packageName) } }.getOrNull()