[FIXED] Android Package Signing for .NET MAUI app


I’m trying to upload the bundle file for my .NET MAUI app to Google Play but I’m getting the following error:

Your Android App Bundle is signed with the wrong key. Ensure that your
App Bundle is signed with the correct signing key and try again. Your
App Bundle is expected to be signed with the certificate with

It then shows the fingerprint it’s expecting. I see the SHA1 and SHA256 fingerprints Google PLay is expecting under App Integrity > App Signing tab and these fingerprints are different than the ones created when I followed the documentation for publishing .NET MAUI to Google Play at https://docs.microsoft.com/en-us/dotnet/maui/android/deployment/overview

Google Play allows me to download certs i.e. upload_cert and deployment_cert. How do I use the fingerprints in these certs when creating my .NET MAUI app’s Android package?


This is happening because I had already uploaded another version of my app to Google Play and now the signing key is not matching.

Here’s how I was able to resolve the issue:

  1. Log into Google Play Console for developers and select the app you’re trying to upload
  2. My app is currently in "Closed Testing" so I selected "Closed Testing" from the main menu on the left which is under "Release" section and "Testing" subsection
  3. I already have a track so I selected "Manage Track" button
  4. Once in the track, I clicked "Edit Release" button
  5. Once in "Edit Release" screen, right under "App Integrity", there’s a link that reads "Change app signing key". Click that link
  6. This opens a warning modal, click the "Change app signing key" button to proceed
  7. This opens up another popup window with 4 options. Select the third one that reads "Export and upload a key from Java keystore"
  8. This entails 3 steps of its own. First, you click the first link to download a utility app named "PEPK Tool". I downloaded this app right where my keystore file is. It doesn’t have to be in the same folder but it makes pointing to it easier.
  9. THe popup on Google Play also gives you a command to run with long paramter. Next step is to run this but there are two important points here
  10. First important point is to use the correct file name for your keystore. The generic command suggests foo.kestore. Change it to whatever your keystore file’s name currently is.
  11. The next important point was tricky for me because I had to remmeber the alias I used when I was generating my keystore file. If you remember it, just use it in the command you’re going to run. The generic command suggests foo. Just use the correct one. If you don’t remember the alias you used, then run keytool -list -v -keystore "foo.keystore" -storepass myPassword which will give you all the entries in your keystore which will include the alias. Again, in this command, don’t forget to use the correct filename for your keystore along with the password you used.
  12. If you do the previous step correctly, the command you copied from Google Play will generate a file named output.zip. You then upload it to Google Play on the same screen.

If you do all this correctly, you should now be good to go! Good luck!

Answered By – Sam

Answer Checked By – Terry (Easybugfix Volunteer)

Leave a Reply

(*) Required, Your email will not be published