Stay organized with collections Save and categorize content based on your preferences.
If you're a Web developer who is new to Android and Google Play, there are some details you should be aware of. There already exist many resources and documentation for this (thanks to the Android team) but here we'll highlight some important concepts and how they relate to Bubblewrap.
Upload vs. Signing KeyIf you plan to use Bubblewrap to generate an Android App Bundle (AAB) (Note: Starting in August 2021, Google Play will require all new apps to use the Android App Bundle format) or APK to upload and publish to Google Play, you'll need to sign your app with a signing key. Google Play gives you two options for how you can handle this:
During the bubblewrap init setup, when you get to the "Signing key information (5/5)" portion, you'll be prompted to enter a "Key store location" and "Key name", or use the defaults. The default key store location is the file android.keystore in your project directory and the default key name is android. If Bubblewrap doesn't find an existing keystore with that key name at the location, it will create one for you and also prompt you for passwords. Take note of the passwords you entered as you'll need them during the build process (bubblewrap build) where it will use the key to sign your app. If you opt in to Play App Signing, then the signing key that Bubblewrap generated and used to sign your app becomes the "upload key". Whether you choose to use the Bubblewrap generated key as your signing or upload key, you should guard and keep the key private. We don't recommend committing it to version control. Instead, limit the number of individuals with access to it.
Digital Asset Links are needed to declare the relationship between your website and your Android app. To ensure that your Android app generated by Bubblewrap is verified properly and launches as a Trusted Web Activity (instead of a Chrome Custom Tab), you'll need to add the appropriate key to your assetlinks.json file. Then upload it to your website at .well-known/assetlinks.json (relative to the root). Your assetlinks.json file should follow this format:
[{
"relation": ["delegate_permission/common.handle_all_urls"],
"target": {
"namespace": "android_app",
"package_name": "com.your.package_name",
"sha256_cert_fingerprints": [
"XX:XX:XX:..."
]
}
}]
To create the assetlinks.json file, you'll need the SHA 256 certificate fingerprint associated with your app's signing key. The important thing to note is that the fingerprints associated with your signing and upload keys will be different. It's important to keep this distinction in mind, especially if you observe your app launching as a Chrome Custom Tab (with the browser bar visible). Then, it's likely your assetlinks.json file does not have the fingerprint that corresponds to the appropriate key.
It's useful to have both your signing and upload certificate's fingerprint in your assetlinks.json to more easily debug your app locally. See Adding More Keys below for more information on how to have both keys in the assetlinks.json file.
There are a couple of different ways to get the fingerprint which are detailed in the next sections. They should all give you the same fingerprints so feel free to choose the method that is most convenient.
Via Play ConsoleDepending on if you opt in to Play App Signing or not, you may have one or two keys. To retrieve the appropriate SHA256 fingerprint for each key:
Signing key: Copy the SHA256 fingerprint for the "App signing key certificate". This fingerprint will correspond to your app if you download it from the Google Play Store since Google Play distributes your app signed with the signing key.
Upload key: Copy the SHA256 fingerprint for the "Upload key certificate". This fingerprint will correspond to your app if you install it locally (via ADB over USB for example). That APK (on your local machine) was built by Bubblewrap, and therefore, signed by the key it created for you as well (during the init setup). Remember that this may be the signing key for your locally installed app, but this actually becomes the "upload key" once you publish your app through Play.
keytool
keytool is a key and certificate management tool. You can use keytool to extract the SHA 256 fingerprint associated with the APK or AAB Bubblewrap generated. Note that this fingerprint is for the local signing key and if you upload your app to Play and opt in to Play App Signing, this key becomes the "upload key".
keytool -printcert -jarfile [path to APK or AAB] | grep SHA256
Another way to get the correct Digital Asset Links file for your app, is to use the Asset Link Tool:
bubblewrap init and click on that entry.The same idea applies as before with signing or upload keys. If you installed your app from the Google Play Store, the Asset Link Tool will get you the fingerprint for your app's signing key. If you installed the app directly from your local machine, then the fingerprint is for the key Bubblewrap generated.
Ensuring your asset link file is accessibleNow that you've uploaded it, make sure you can access your asset link file in a browser. Check that https://example.com/.well-known/assetlinks.json resolves to the file you just uploaded.
If your website is generated by Jekyll (such as GitHub Pages), you'll need to add a line of configuration so that the .well-known directory is included in the output. GitHub help has more information on this topic. Create a file called _config.yml at the root of your site (or add to it if it already exists) and enter:
# Folders with dotfiles are ignored by default.
include: [.well-known]
A Digital Asset Link file can contain more than one app, and for each app, it can contain more than one key. For example, to add a second key, just use the Asset Link Tool to determine the key and add it as a second entry. The code in Chrome that parses this JSON is quite strict, so make sure you don't accidentally add an extra comma at the end of the list.
[{
"relation": ["delegate_permission/common.handle_all_urls"],
"target": {
"namespace": "android_app",
"package_name": "com.your.package_name",
"sha256_cert_fingerprints": [
"XX:XX:XX:..."
]
}
},{
"relation": ["delegate_permission/common.handle_all_urls"],
"target": {
"namespace": "android_app",
"package_name": "com.your.package_name",
"sha256_cert_fingerprints": [
"XX:XX:XX:..."
]
}
}]
Chrome logs the reason that Digital Asset Links verification fails and you can view the logs on an Android device with adb logcat. If you're developing on Linux/Mac, you can see the relevant logs from a connected device with:
> adb logcat -v brief | grep -e OriginVerifier -e digital_asset_links
For example, if you see the message Statement failure matching fingerprint., you should use the Asset Link Tool to see your app's signature and make sure it matches that in your assetlinks.json file.
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2021-07-22 UTC.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2021-07-22 UTC."],[],[]]
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4