
Getting your signing certificate hash of app

Tomas Psota edited this page Nov 7, 2023 · 5 revisions

Android requires that all APKs are digitally signed with a certificate before being installed on a device or updated. The signing certificate hash of the application is a unique identifier of the certificate with which the application is signed. It is used to verify the origin of the application.

There are two common ways developers can sign the application: manually or via Play App Signing. With manual app signing, the developer owns a keystore, which is used to sign the application. Developers can use tools like keytool or apksigner to print certificate details, including the SHA-256 digest.

Using keytool:

keytool -printcert -jarfile file.apk

Using apksigner:

apksigner verify --print-certs myApplication.apk

With Play App Signing, Google manages and protects your app's signing key for you and uses it to sign your applications. The SHA-256 fingerprint of the certificate can be found in Google Play Console > View App > Setup > App Signing > App Signing Key Certificate > SHA 256.

You will end up with a SHA-256 digest like this example: 88:8c:7f:02:d6:2e:ed:3a:53:bb:9c:a6:6b:82:5c:0d:78:a8:e5:b6:b2:11:28:bc:f5:ac:67:c8:e0:a3:7c:5a

This hex string needs to be converted to Base64 form using this tool https://base64.guru/converter/encode/hex. Then just add the result (iIx/AtYu7TpTu5yma4JcDXio5bayESi89axnyOCjfFo=) to the array expectedSigningCertificateHashBase64.
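
The hex-to-Base64 conversion can also be done locally. The Python below is an added example, not part of the original page or the project's own code. It goes slightly beyond the text by reading the SHA-256 line directly from keytool or apksigner output and by rejecting any digest that is not 32 bytes, such as a SHA-1 fingerprint copied by mistake. The function names and the sample tool output are constructed for illustration.

```python
import base64
import re

# Matches the SHA-256 line printed by either tool (assumed output shapes):
#   keytool:   "SHA256: 88:8C:7F:..."
#   apksigner: "Signer #1 certificate SHA-256 digest: 888c7f..."
_SHA256_LINE = re.compile(
    r"SHA-?256(?: digest)?:[ \t]*([0-9A-Fa-f:]+)[ \t]*$", re.MULTILINE
)


def fingerprint_to_base64(fingerprint):
    """Convert a hex SHA-256 fingerprint (with or without colons) to Base64."""
    hex_digits = re.sub(r"[:\s]", "", fingerprint)
    raw = bytes.fromhex(hex_digits)  # raises ValueError on non-hex input
    if len(raw) != 32:
        # A 20-byte value is a SHA-1 fingerprint, i.e. the wrong line was copied.
        raise ValueError(f"expected 32 bytes for SHA-256, got {len(raw)}")
    return base64.b64encode(raw).decode("ascii")


def hashes_from_tool_output(output):
    """Return one Base64 hash per SHA-256 line (an APK may have several signers)."""
    return [fingerprint_to_base64(m) for m in _SHA256_LINE.findall(output)]


# Constructed sample output. The SHA-256 value is the example fingerprint from
# this page; the SHA-1 values are placeholders.
KEYTOOL_SAMPLE = """Certificate fingerprints:
\t SHA1: 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33
\t SHA256: 88:8C:7F:02:D6:2E:ED:3A:53:BB:9C:A6:6B:82:5C:0D:78:A8:E5:B6:B2:11:28:BC:F5:AC:67:C8:E0:A3:7C:5A
"""
APKSIGNER_SAMPLE = (
    "Signer #1 certificate SHA-256 digest: "
    "888c7f02d62eed3a53bb9ca66b825c0d78a8e5b6b21128bcf5ac67c8e0a37c5a\n"
    "Signer #1 certificate SHA-1 digest: 00112233445566778899aabbccddeeff00112233\n"
)

if __name__ == "__main__":
    # Each entry is a value for expectedSigningCertificateHashBase64.
    for sample in (KEYTOOL_SAMPLE, APKSIGNER_SAMPLE):
        print(hashes_from_tool_output(sample))
```

To use it with real output, pass the text printed by either command above to `hashes_from_tool_output`.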