[android] installation app blocked by play protect

When trying to install a signed application (app-release.apk), a "Blocked by Play Protect" alert is shown and the app is not installed. However, an unsigned application (app-debug.apk) can be installed without problems.

The error message:

Play Protect doesn't recognise this app's developer. Apps from unknown developers can sometimes be unsafe.

Why this error happened? What's the solution?

image of Error

This question is related to android signature google-play-protect

The answer is


Not the solution, but you can use debug key for signing release builds to avoid blocking the installation from Google Play Protect. It looks like Play Protect doesn't warn for builds signed with automatically generated debug.keystore.

Note that your debug builds are not unsigned, they are just signed with a debug key.

Of course, you cannot use the build for production distribution (Google Play, Amazon, etc.), but it's still worth for pre-production internal testing which requires a high-frequency feedback loop.

You can add a task to build release with debug.keystore by adding the configuration in build.gradle, something like:

android {
  buildTypes {
    // add after the `release` definition
    releaseDebugKey { initWith release }
  }

  signingConfigs {
    // use debug.keystore for releaseDebugKey builds
    releaseDebugKey { initWith debug }
  }
}

then execute ./gradlew assembleReleaseDebugKey to build a release build with debug key.


it is due to expired of debug certificate simply delete the debug.keystore located at

C:\Users\.android\

after that build your project the build tools will regenerate a new key and it will work fine. here is a reference:

https://developer.android.com/studio/publish/app-signing

Try to create a new key store and replace with old one, then rebuild a new signed APK.

Update: Note that if you're using a http connection with server ,you should use SSL.

Take a look at: https://developer.android.com/distribute/best-practices/develop/understand-play-policies


I solved this problem by changing my application package name according to signature certificate details. At first I created application with com.foo.xyz but my certificate organization was 'bar'. So I change my package name to com.bar.xyz and now there is no google play protect warning!


the only solution worked for me was using java keytool and generating a .keystore file the command line and then use that .keystore file to sign my app

you can find the java keytool at this directory C:\Program Files\Java\jre7\bin

open a command window and switch to that directory and enter a command like this

keytool -genkey -v -keystore my-release-key.keystore -alias alias_name -keyalg RSA -keysize 2048 -validity 10000

Keytool prompts you to provide passwords for the keystore, your name , company etc . note that at the last prompt you need to enter yes.

It then generates the keystore as a file called my-release-key.keystore in the directory you're in. The keystore and key are protected by the passwords you entered. The keystore contains a single key, valid for 10000 days. The alias is a name that you — will use later, to refer to this keystore when signing your application.

For more information about Keytool, see the documentation at: http://docs.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html

and for more information on signing Android apps go here: http://developer.android.com/tools/publishing/app-signing.html


If you are using some trackers like google analytics or amplitude and you are trying to release your app in another platforms other than Google Play, this errors appears for users. So there are two possible solutions:

  1. Use special trackers in your app (firebase and appmetrica are tested and are ok)
  2. Release your app in Google Play

I am adding this answer for others who are still seeking a solution to this problem if you don't want to upload your app on playstore then temporarily there is a workaround for this problem.

Google is providing safety device verification api which you need to call only once in your application and after that your application will not be blocked by play protect:

Here are there the links:

https://developer.android.com/training/safetynet/attestation#verify-attestation-response

Link for sample code project:

https://github.com/googlesamples/android-play-safetynet


There are three options to get rid of this warning:

  1. You need to disable Play Protect in Play Store -> Play Protect -> Settings Icon -> Scan Device for security threats
  2. Publish app at Google Play Store
  3. Submit an Appeal to the Play Protect.

Google play finds you as developer via your keystore.

and maybe your country IP is banned on Google when you generate your new keystore.

change your IP Address and generate new keystore, the problem will be fixed.

if you didn't succeed, use another Gmail in Android Studio and generate new keystore.


the solution lies in creating a new key when generating the signed apk. this worked for me without a fuss.

  1. click on Build
  2. click generate signed Bundle/APK...
  3. choose either Bundle / APK (in my case APK) and click Next
  4. click on create new (make sure you have a keystore path on the machine)
  5. after everything, click finish to generate your signed apk

when you install, the warning will not come.