My gradle settings look like below,
android {
signingConfigs {
debug {
keyAlias ‘myalias’
keyPassword ‘mykeypass’
storeFile file(’/Developer/mystore.keystore’)
storePassword ‘mystorepass’
}
}
buildTypes {
debug {
signingConfig signingConfigs.debug
}
}
…
And I am sure that’s what is being used, because a change to any of those settings causes the build to fail, along with being able to put rubbish into the ‘release’ section, and it not affecting the build in any way.
If I then unzip the resultant apk from a ‘gradle installDebug’ build, and check the SHA1 of the signing key with
keytool -printcert -file META-INF/CERT.RSA’
I get
4B:9D:xxxxxxxxx
But, if I check the SHA1 of the key specified, with
keytool -exportcert -alias myalias -keystore /Developer/mystore.keystore -storepass mystorepass -list -v
I see
E6:DB:xxxxxxxx
The E6 one is what we use all over the Google APIs for debug builds and that, which means that any build we’re currently building from Gradle have the wrong signature, which breaks Google Play login, among quite a few other things.
And just to say, that what shows in the APK also isn’t the debug keystore, when running
keytool -exportcert -keystore ~/.android/debug.keystore -storepass android -list -v
The SHA1 in that case is
A8:7B:xxxxxxx
So I’ve absolutely no idea where the SHA1 in the APK is coming from.