My team is facing an issue with rolling out releases using the Google Play Console. The following error is displayed on the "Preview and confirm" stage of release creation.
"There is a previous APK signed with key rotation, but this release introduces an upgrade path to an APK with version code 2342342 which does not include the same certificates in its proof-of-rotation."
We have already tried resetting the upload key, waiting 48 hours for the key to be active, and re-signing and re-uploading the AAB file. We have no issues signing, uploading to Play Console, etc. But as we get to the "Preview and confirm" stage, we run into the same issue. We are convinced that we are using the correct upload key, as our release process hasn't changed for years.
Earlier this year, we opted into using signature scheme v3. We used the apksigner tool to print the certs on the "Signed, universal APK" from the App bundle explorer in Play Console for our new and previous releases. We noticed that the last released APK was verified using signature scheme v3, whereas the new version we are trying to release is verified using signature scheme v3.1, and the certificate blocks are different because of this, which seems expected. Could this v3 -> v3.1 upgrade be an issue?
We have already tried resetting the upload key, generating new builds, re-signing and re-uploading. Creating a new testing track seems to let us release the APK to beta testers because it has no history/lineage, so there are no problems with proof-of-rotation, but our production track obviously has a history of all previously released versions.
How can we solve this issue without affecting current users or creating a new app?
We recently got confirmation from Google Engineering that this is a known issue. They whitelisted our app and we can successfully release the app again. If anyone runs into this, it might be a good idea to reach out to Google support and ask them for a workaround till they implement the fix.