I have forgotten my keystore password and I want to install my apk on Google Play. What do I do?
I have made an application and I signed its apk one month ago. Now I have forgotten its password and when I am using a new key for this and installing it on Google Play, it's giving me the fingerprint error. What can I do?
The application link is here.
The error occurs:
you can find your lost key password in below path
Project\.gradle\2.14.1\taskArtifacts\taskArtifacts.bin
open the file and search with the part of the password that you remember. You will find it definitely. Else, try searching with this string "signingConfig.storePassword".
Note: I have experienced the same and i am able to find it. In case if you didn't find may be you cleared all the cache and temp files.
Try to find your password here if you are using Gradle 4.0 and above.
- Switch to project mode.
- Open your project name folder.
- Open .gradle folder.
- Open gradle version folder (here in my case it's 4.4).
- Open taskHistory folder.
- Double click on "taskHistory.bin", select open in text editor option.
- press ctrl+f to open search box and try to find your key (guesswork).
UPDATE:
In gradle 5.4 version the file path has been changed as below: <project>\.gradle\5.4\executionHistory\executionHistory.bin
You have to use the same certificate when you update your apk or Google Play won't recognize it as the same app.
If you can't remember your password at all, I don't think there is any other choice but to start with a new app (new package name).
From Google documentation
Application upgrade – As you release updates to your application, you must continue to sign the updates with the same certificate or set of certificates, if you want users to be able to upgrade seamlessly to the new version. When the system is installing an update to an application, it compares the certificate(s) in the new version with those in the existing version. If the certificates match exactly, including both the certificate data and order, then the system allows the update. If you sign the new version without using matching certificates, you must also assign a different package name to the application — in this case, the user installs the new version as a completely new application.
Source: http://developer.android.com/tools/publishing/app-signing.html
Similar info also here in Android developer blog: http://android-developers.blogspot.com.au/2011/06/things-that-cannot-change.html
Just as important as the manifest package name is the certificate that application is signed with. The signing certificate represents the author of the application. If you change the certificate an application is signed with, it is now a different application because it comes from a different author. This different application can’t be uploaded to Market as an update to the original application, nor can it be installed onto a device as an update.
[...]
In conclusion: There are some parts of your application that can not change. Please be careful.
The keystore password can be broken, but you'll still need the alias password later on.
Download the two files from here
https://gist.github.com/zach-klippenstein/4631307
Build with:
javac ChangePassword.java
Run:
java ChangePassword <keystore filename> <new keystore filename>
The lost key password can be found under the .gradle folder, the path be something like this:
.gradle\3.3\taskArtifacts\taskArtifacts.bin
I think 3.3 is the number of the gradle version, it may change in some cases. If the version is greater than 4.0 the path is actually different:
.gradle\4.1\taskHistory\taskHistory.bin
In any case, this are binary files, so they're full of unreadable data, but if you search for the string "signingConfig.storePassword" you'll find a lot of text, mine looked like:
<97>signingConfig.keyAlias^C<8a>MY_KEY_ALIAS<9c>signingConfig.storePassword^C<92>MY_STORE_PASSWORD<98>signingConfig.storeType^C<84>jks<9f>