We recently had a painful experience and wanted to share it with the game dev community so you can learn from it and not make the same mistake we did. Do you ever have problems keeping track of your keys? I’m constantly misplacing my keys and asking my wife if she has seen them. If you’re an app developer you have a set of virtual keys that are just as important as your physical keys and those keys are your keystore files for Android and provisioning profiles for iOS. I don’t know how much you know about the differences in the signing processes between iOS and Android, but they are quite a bit different. Apple holds your hand and helps you manage those provisioning profiles in the developer area of their site. Android, on the other hand, completely turns you loose and gives you full control of managing your own keystores. Its a kin to two different parenting styles, where the Apple dad knows that their children are going to mess up sometimes and believes its good to have a safety net, so they don’t completely screw up their lives. While the Android dad believes that kids should live their lives and learn from their mistakes and nudges them out of the nest to fly on their own. You can argue the merits of each approach, but they are different and those little magic files you sign your apps with are different as well. If you misplace your iOS provisioning profile, papa Jobs has a spare copy for you to download. If you misplace your keystore, in the words of Walter from Big Lebowski…”You’re entering a world of pain”.
We entered that world of pain recently. Two of our computers died and the keystore for signing the Nook version of Float could not be found. We had all of the other files for that game in our repo, but for the life of us we could not find that keystore file. The kicker of the whole story is that we pushed an update to Float where we added more modes and signed it with a different keystore than the first time. We didn’t realize that we had signed with a different keystore and Barnes & Noble didn’t catch it either. When people when to update Float, they couldn’t get it to work. Not only couldn’t they get the update to work, but they could no longer play the old version either. Emails from 20,000 mothers informing me that their children could no longer play the game that they loved quickly started to pour in. …”A world of pain.” That isn’t a situation any app developer wants to be in. So we did some research to see if we could extract the keystore or recreate it in some way and needless to say—keystores are like beautiful unique snowflakes. There is absolutely no way to fake or recreate the keystores used to sign your apps and thats the point. Its a security measure and a very good one.
Long story short, after some back and forth with B&N, which I must say they were very helpful and they have an awesome team, we submitted Float HD. We had to submit a completely new app and allow it to be free for one week so all the people having problems could switch over to the new version and the old version of the app was removed from the store. The solution was kind of a bummer because Float was the second highest rated game just behind Angry Birds, but if you do some research on lost keystore you will find that our story is far better than some of the horror stories people have gone through. For example, one developer signed twenty of his paid apps with the same keystore and his laptop was stolen. He now has twenty apps that he can no longer update…ouch. Moral of the story? Hold on to your keystore file kids. Store them in a repo, email them to your self, send them to a friend, put them on a usb key and stash it in a safe. Whatever you do, just make sure you have it backed up somewhere.