Google Play Signing Fingerprints

When Google Play App Signing is enabled, the certificate that signs installed releases can differ from local debug or upload certificates.

Which fingerprint Attriax needs

Add every certificate that might sign a build users open through Android App Links.

Debug

Useful for local physical-device testing and emulator smoke checks.

Upload

The certificate your CI or release process uses to upload artifacts to Play.

Play App Signing

The certificate Google Play uses to sign installs delivered to users. This is the easy one to miss.

How to retrieve Play App Signing SHA-256

The exact UI label can move, but it lives in Play Console's app signing area.

Open Google Play Console for the app.
Open Setup, then App integrity, then App signing.
Copy the SHA-256 certificate fingerprint from the App signing key certificate section.
Paste it into Attriax Android platform configuration alongside debug or upload fingerprints.

Why it matters

Android App Links verification compares the installed app signing certificate with assetlinks.json.

If assetlinks.json contains only the upload or debug certificate, verified links can work in testing but fail for production installs from Google Play. Easy Setup marks this as manual because a local code scan usually cannot see the Play signing certificate.