Android App Bundles: Updating An Existing App

[7/19/21] Updated to use Scriptoria to export the encrypted key that is uploaded to Google play.

In August 2021, Google Play will require that all NEW apps are published as Android App Bundles (AAB) instead of an APK. For existing app, they can continue to be published as an APK. However, you may choose to switch to AAB. You may choose to do this if you are using features in SAB that makes your app larger. For example, if you enable verse on image to share videos which combine the image and audio or enabling the user to share audio clips or videos from selected verses, SAB then include a media processing library (FFmpeg) which will increase the app size by between 13 and 52 MB.

There is some extra work that needs to be done in Google Play Developer Console before you publish the next version of the app. It is documented in Play Console Help. If you are using Scriptoria, these are the steps that you should take.

Step 1: Add Publishing Properties to your project

  1. Add BUILD_ANDROID_AAB=1 and BUILD_EXPORT_ENCRYPTED_KEY=1 to the Publish Properties in SAB. For 8.6.6, you will need to type in (or copy/paste) the property names. In the next release, they will be available from the dropdown of known property names.

  1. Upload the project to Scriptoria.
  2. In a browser window, open Scriptoria and navigate to the project. Using the shish-kebob menu next to the “Android App to Google Play” product, select Rebuild. During the build, Scriptoria will export an encrypted copy of the private key used to sign the Android app.

Step 2: Enroll in Play App Signing

When you published your app, you opted out of Play App Signing during the process of publishing the first APK. Now we have to enroll. WARNING: Once you opt in, you can’t opt out again.

  1. In another tab or browser window, open Play Console.
  2. Select an app.
  3. On the left menu, go to Release > Setup > App integrity.
  4. If you haven’t already, review the Terms of Service and select Accept.
  5. In the Opt in to Play App Signing section, select Export and upload a key (not using Java Keystore). Scriptoria will export the private key in the format needed by Google Play that is safe to transmit over the internet and can only be decrypted by Google.


Step 3: Upload Encrypted Private Key

  1. Go back to the browser tab or window opened to Scriptoria. When the “Android App To Google Play” product is at the “Verify and Publish” step, click on the Continue link.
  2. In the list of product files, click on the “encrypted_key” entry which will download private_key.pepk
  3. Go back to the brower tab or window opened to Play Console.
  4. Click on the Upload private key link and select the file that was download from Scriptoria.
  5. Click on Save at the bottom right of the page.

Play App Signing is now Enabled. You can continue with the “Verify and Publish” step in Scriptoria. In the list of product files, there will be an “aab” and “apk” entry. You can download the APK to do testing. Scriptoria will use the AAB when publishing.

When the publishing of the app as an AAB has completed, please remove the BUILD_EXPORT_ENCRYPTED_KEY from the publishing properties. It was needed just for this transitional prcess.

If You have any questions, reply to this thread and we can help anyone who may have a similar question.

Chris Hubbard

Thanks for the comprehensive information sir.

But, does this apply only to the people that use scriptoria to upload their works to the Play store but exempting those that upload directly to the Play store?

But, honestly sir, I don’t understand the below and completely lost…

keystore alias password when prompted.

$ java -jar path/to/pepk.jar --keystore=name.keystore --alias=key1 --output=path/to/encrypted_keystore --encryptionkey=eb10fe8f7c7c9df715022017b00c6471f8ba8170b13049a11e6c09ffe3056a104a3bbe4ac5a955f4ba4fe93fc8cef27558a3eb9d2a529a2092761fb833b656cd48b9de6a


In August 2021, Google Paly will require that all NEW apps are published as Android App Bundles (AAB) instead of an APK. For existing app, they can continue to be published as an APK. However, you may choose to switch to AAB.

This applies to all apps in Google Play, whether they you use Scriptoria or not.

Here is the Google Play Documentation. If you are having difficulty with it, you may need to contact Google Support. During the process, you download a Java JAR file (pepk.jar) and use it to convert the Keystore and parameters into a format that only Google can decrypt so that it is safe to upload on a website.

I hope that helps,

Hi Chris,

Thank you for the helpful information on updating an existing app.

I want to set this up while I have a more reliable internet connection, so I’ve completed Step 1 and 2, and I’ve added the line in Step 3 to SAB. I was wondering if you could please help me with a couple of questions:

  1. Will this also work for the Reading App Builder? That is, step 3?
  2. If I have this set up, then there is no need to upload the app if I have not made any changes to it yet, is that right? That is, Steps 1 and 2 are sufficient to update the app to be an Android App Bundle, so Step 3 is only required for uploading any changes through Scriptoria. Or would it better if I uploaded the app again, even if I haven’t made any changes yet?


If you have done Step 1 & 2, I would go ahead make the change the the project and upload the project. You can then rebuild anytime.

Thanks for the helpful suggestion, Chris!