How to apply migration signature to an APK created by Flash Builder

Report · Aug 01, 2014

I developed an android application using Flash Builder.

Version 1.0 has been created with an old certificate (.PFX file).

That certificate is expired.

So I create new Version 1.1 with a new certificate.

But when I try to install the new version, the following message has been displayed.

Application not installed: an existing package by the same name with a conflicting signature is already installed.

There is a simple solution: Uninstall first version (1.0) and install the new version (1.1).

But I don't want to lose my application data which is created by 1.0 (old version).

Could anyone please suggest a better solution?

Report · Aug 07, 2014

I got this answer from gnuanu @ stack over flow

-------------------------------------------------------------------------------------------------------

Unfortunately, As of now there is no better solution for this situation.

Quoting the official documentation on Android Developers,

In general, the recommended strategy for all developers is to sign all of your applications with the same certificate, throughout the expected lifespan of your applications. There are several reasons why you should do so:
Application upgrade – As you release updates to your application, you must continue to sign the updates with the same certificate or set of certificates, if you want users to be able to upgrade seamlessly to the new version. When the system is installing an update to an application, it compares the certificate(s) in the new version with those in the existing version. If the certificates match exactly, including both the certificate data and order, then the system allows the update. If you sign the new version without using matching certificates, you must also assign a different package name to the application — in this case, the user installs the new version as a completely new application.

So as per suggested by the documentation, You should create a key with maximum validity and use it for signing the application in future.

Another important consideration in determining your signing strategy is how to set the validity period of the key that you will use to sign your applications.
If you plan to support upgrades for a single application, you should ensure that your key has a validity period that exceeds the expected lifespan of that application. A validity period of 25 years or more is recommended. When your key's validity period expires, users will no longer be able to seamlessly upgrade to new versions of your application.
If you will sign multiple distinct applications with the same key, you should ensure that your key's validity period exceeds the expected lifespan of all versions of all of the applications, including dependent applications that may be added to the suite in the future.
If you plan to publish your application(s) on Google Play, the key you use to sign the application(s) must have a validity period ending after 22 October 2033. Google Play enforces this requirement to ensure that users can seamlessly upgrade applications when new versions are available.

So to conclude, You have to uninstall the old version and install the new one which is singed with the new certificate.

Hope this helps.

Adobe Community

How to apply migration signature to an APK created by Flash Builder