PhoneGap Build lost your signing keys. Now what?
Android and iOS app binaries must be digitally signed with a certificate before they can be installed onto a user’s device. This is required so that users can be confident that the app publisher actually is who they say they are. For iOS applications, these are created on Apple’s developer portal, and can be regenerated. For Android applications, these are typically created locally and up to each developer to safeguard, as they can not be regenerated.
One of the challenges for some developers who used PhoneGap Build was that it was the only place their Android signing keys existed – it was created then lost at some point in time. Apple has a method to regenerate a signing key, so it was never a worry. But since Android keys are created locally, they can NEVER be recreated. Once they are lost, there is no method to recreate them. And, if you do not have them, you cannot properly sign your Android application and submit a new version. Unfortunately, Adobe will not be providing a way to export your Android private key.
If you have found yourself in the situation, I am sorry. It sucks. Now that PhoneGap Build is shutting down, what should you do?
Generally speaking, you need to migrate your existing users to a “new” version of the app. How hard this will be will vary depending on if your app has local data that needs to be transferred or not. I’ve outlined a possible collection of steps you can take to migrate your application to use new signing keys.
- Step 1: Create a new signing key
First, generate a new signing key and save it in multiple locations. As my father-in-law used to say, “You forget to back up, ONCE!”
- Step 2: Build a cloned version of the existing app
Clone your app, then update the config.xml file with a new app id.
<widget id="com.company.app.v2" version="1.0.0" xmlns="http://www.w3.org/ns/widgets" xmlns:cdv="http://cordova.apache.org/ns/1.0">
- Step 3: Submit the cloned app to Google Play
Build the existing app as is. Don’t worry about any data migration at this point. Sign it for release and get into the Google Play Store with all the supporting assets. However, I recommend not releasing it yet. You add a note to the Google Play store reviewers why this is necessary.
- Step 4: Create a data transfer plan (optional)
This might be the hardest part. If you have a lot of local data, you need to find a method to migrate it to a cloud service, like Google Firebase. Now this might require generating a user login as well. This is going to be very specific to the data needs of your app. Likewise, if you have code to transfer the data out of the old app, you will need code to transfer the data into the new app.
- Step 5: Update the existing app version
Depending on your migration needs, you might be able to simply display a warning dialog telling them that this version will no longer be updated and to download the new version. If there is data migration, then obviously guide them through what they need to do to migrate. Build the old app with the migration notice before PhoneGap Build shutdown! Once built, submit it to the Google Play Store, but again, don’t release it.
Step 6: Release the cloned version
WIth the cloned version on the Google Play Store, release it so it is live and ready for users.
Step 7: Release the original version with the migration notice
With the cloned version live, release the original app.
What to go from here?
- Step 8: Build the app in the cloud using Ionic Appflow (optional)
Now that you have successfully created a new Android signing key (saving it somewhere safe so it doesn’t get lost!) then migrated to a cloned version of the original app, consider setting up cloud native builds with a service like Ionic Appflow.
Unfamiliar with Appflow? Like PhoneGap Build, you can build your Cordova-based iOS or Android app in the cloud. However, it does much more than that – it’s a complete mobile DevOps solution that makes it easy to continuously build, deploy, and update mobile app experiences across iOS, Android, and the web. With Appflow, you can fully automate your team’s app development workflow, and go from idea to production.
If interested, check out the details in my new guide to migrating from PhoneGap Build to Appflow.
Hopefully this brief post gave you a starting point to recreating an Android private signing key and migrating your PhoneGap application. Best of luck!