Bug 56159 - Keystore not included in project and no documentation warnings on backing it up
Summary: Keystore not included in project and no documentation warnings on backing it up
Status: VERIFIED FIXED
Alias: None
Product: Visual Studio Extensions
Classification: Xamarin
Component: Android ()
Version: 4.4.0 (15.1)
Hardware: PC Windows
: High normal
Target Milestone: 15.3
Assignee: Jose Gallardo
URL:
Depends on:
Blocks:
 
Reported: 2017-05-10 06:23 UTC by Rob Houweling
Modified: 2017-07-20 05:44 UTC (History)
6 users (show)

Tags:
Is this bug a regression?: ---
Last known good build:

Notice (2018-05-24): bugzilla.xamarin.com is now in read-only mode.

Please join us on Visual Studio Developer Community and in the Xamarin and Mono organizations on GitHub to continue tracking issues. Bugzilla will remain available for reference in read-only mode. We will continue to work on open Bugzilla bugs, copy them to the new locations as needed for follow-up, and add the new items under Related Links.

Our sincere thanks to everyone who has contributed on this bug tracker over the years. Thanks also for your understanding as we make these adjustments and improvements for the future.


Please create a new report on Developer Community with your current version information, steps to reproduce, and relevant error messages or log files if you are hitting an issue that looks similar to this resolved bug and you do not yet see a matching new report.

Related Links:
Status:
VERIFIED FIXED

Description Rob Houweling 2017-05-10 06:23:00 UTC
The keystore file for signing Android apps is not included in the solution. This resulted in a lost keystore file when my machine crashed and I had to reinstall it.
Although all my code was nicely backed up in the cloud I now have to REMOVE my app from the Play Store because I can't sign it with the same certificate as the previous versions because I lost the keystore when reinstalling Windows. Resulting in customers having to remove the app and install the new one instead of updating it.

Besides the fact that the keystore is not in the solution, which should be the preferred solution because it enables sharing of the keystore between developers, it is also not documented anywhere that the keystore should be backup up manually (see https://blog.xamarin.com/android-archiving-and-publishing-made-easy/, https://developer.xamarin.com/guides/android/deployment,_testing,_and_metrics/publishing_an_application/part_1_-_preparing_an_application_for_release/).
As far as I'm concerned it should be marked in red with caps as long as it's not included in the solution!

Build Date & Hardware: 
Xamarin 4.4.0.34, 
Xamarin.Android 7.2.0.7, 
Windows 10 1703(Build 15063.138),
Visual Studio 2015 Version 14.0.25431.01 Update 3

Also see:
https://forums.xamarin.com/discussion/77936/xamarin-keystore-instructions-android-dangerously-avoids-the-backup-step-of-created-certificate#latest
https://forums.xamarin.com/discussion/94978/lost-keystore-after-crash-of-development-machine#latest
Comment 1 Rob Wilson 2017-05-10 06:32:40 UTC
I couldn't agree more! https://forums.xamarin.com/discussion/comment/272322#Comment_272322
Comment 2 Rob Houweling 2017-05-16 07:36:36 UTC
Hi,

Is there anywhere I can check when this issue will be investigated? I have to get my app in the store so I need to know if I have to take it out first and re-enter it or if there's a workaround so that I can update it.

Kind regards,

Rob Houweling
Comment 3 Jose Gallardo 2017-05-29 18:37:35 UTC
I'm really sorry to hear you've lost your keystore file. That's a very bad situation as unfortunately I don't think you can work around it. The need of creating a keystore backup is already mentioned on the Xamarin Documentation:

https://developer.xamarin.com/guides/android/deployment,_testing,_and_metrics/publishing_an_application/part_2_-_signing_the_android_application_package/#Create_a_New_Certificate

However, agreed it would be very helpful improvement if the IDE UI provides a highly visible warning, and ideally facilitates the backup creation somehow, as losing the keystore can be critical.

Thanks for filing the bug report, we'll work on improving the experience targeting our next release (15.3).

Also, I'll try to get a final confirmation on potential workarounds for publishing an update after losing the keystore file. I'll be poking tomorrow across the team and update the bug report in case there is some alternative I haven't think of yet.

Thanks
Comment 4 xamarin-release-manager 2017-06-12 23:39:46 UTC
Fixed in version 4.7.0.32 (master)

Author: josegallardo
Commit: 97a79fcb39a1b0e3095c3b098925ae95682e4621 (xamarin/XamarinVS)
Comment 5 Jose Gallardo 2017-06-13 11:50:33 UTC
This is also fixed on branch d15-3, commit a9a89d99044d9bf8dcba226567b4675f352c5a32 (xamarin/XamarinVS)

For the reporters, the fix we implemented was to include a warning in our distribution wizard.
The warning is now clearly stated right before publishing the application (at the bottom of the track selection page).

The warning message is the following:

```
You're about to publish an application to the Google Play Store. This application has been signed using a Keystore. Publishing updates for this application in the future requires the same Keystore to be used.
We strongly recommend you to make a backup of the Keystore in a safe place before continuing.

<Click here to create a backup copy of the Keystore file in a different location.>
```

The last line is an hyperlink which helps the user to make the backup. Clicking on it will ask for a target location for a keystore backup on the file system (with a standard Save As dialog). Once selected, we'll copy the Keystore file, and open a File Explorer window with the created backup selected. That way you can take additional security actions, like uploading it to a private cloud storage.

Thanks for reporting this issue. Hope this helps other people to prevent hitting it.

Cheers
Comment 6 Rob Houweling 2017-06-13 11:52:45 UTC
Thanks for picking this up so seriously and making these changes.