Take a look at this recent discussion: Google Play App Signing - Upload Key
If you are uploading a new app, probably the simplest thing to do is to create a key in Unity and use it as an upload key, then when setting up your app in Play, opt in for Play to generate the signing key.
You should also read through Use Play app signing - Play Console Help to get a better understanding of how Play store signing works, what upload / signing keys are and what things you should consider when setting everything up (e.g. do you plan to upload your app to other stores or not).
Thanks a lot @JuliusM, after days of confusion it seems clear to me. So takeaways are:
One can continue using Unity signing (and use local Keystore and keys) and upload apps on Play Store without uploading an Upload key. For subsequent updates, apps should be signed with the same keys which were used to sign the first release. But in this scenario you would be fully responsible for protecting your keys. Nothing can be done if you lose your keys. You will not be able to release future updates of your apps.
If you want to opt for enhanced security for your keys then you need to generate an update key (it could be the same key as your Unity app signing key or you can generate a new one) in the PEM format and upload it to Google Play.
But how would it be managed when you have different keys for Unity signing (locally during builds) and Upload (for Google Play)? Will Google again sign your apps using Upload keys?
If yes, then why do we still need to sign apps locally, because Google does not accept unsigned apps (it rejects them saying the app has been signed with a Debug key)? If Google already has one key (Upload key) to sign, why can we not simply upload our apps unsigned and have Google sign them before making them available to all?
Google will only sign your apps with the “signing” key. It could be the same as the upload key or could be different.
In local builds during development, you can use a debug key - essentially what you are calling an unsigned app. When you upload your app to the Play store you will always have to sign it with the upload key. I don’t know if Play re-signs the app when the upload and signing keys are identical.
App signing is like physically signing documents. It proves that the app comes from you and not from someone else.
@JuliusM, sorry to bother you again, but one more query arises. My game is now live on Google Play, but due to some feedback I need to make changes in one of its features. I have not used an Upload Key but signed it during the Unity build and Google Play has accepted it (and is showing that App Signing is managed by Google, the default option). Now if I push an update signed by the same key (used during the Unity build), will Google roll it out as an update?
Because this didn’t happen for my Internal and Closed testing updates. My testers never received an update. As per other forums this could be a technical error from Google's side. I have written to Google support about it and they have confirmed that there is nothing wrong with my updates and testers will eventually receive them. But I could not wait that long and pushed it to Production. But I don’t want the same thing happening (actual users not receiving updates).
So it would be really assuring if you could confirm it.
This is a specific behavior of the Play store, so only they know the details.
However, the signing key should not be related to this in any way. If something is wrong with the signing key, either the app upload to the Play store would fail or installing the app from the Play store to the device would fail. What you describe (the update not being visible) seems to be unrelated.