Android Maps SDK for Android Not Working in Release

Question

I have an Android App that has been on the Play Store for a couple years now. I recently added Google Maps functionality to it.

If I leave the App unrestricted, the mapping sdk and activity work fine. I put the API Key generated from the Google Cloud Platform (console.cloud.google.com) in my app and all works well.

But it seems reasonable to restrict this key to my app only. This requires generating a SHA-1 certificate for your app and saving it to the Google Cloud Platform along with your package name.

In the Android Studio Terminal window, I execute the following command:

keytool -list -v -keystore your_keystore_name -alias your_alias_name

Using the 'your_keystore_name' specified in my build.gradle (app) file.

Oddly, it seems to generate the same SHA-1 certificate whether I specify '-alias your_alias_name' or not. Does this sound correct?

Back on the Google Cloud Platform, I click on Restrict to Android App and add the SHA-1 and my package name and click Save.

When I restrict in this way, the map view on my app stops working and displays a blank/gray screen. When I remove the restriction, it starts working again.

AndroidManifest.xml

<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com....">

    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION" />
    <uses-permission android:name="android.permission.INTERNET" />
    <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE" />
    <uses-permission android:name="android.permission.FOREGROUND_SERVICE" />

    <application
        ...>

        <meta-data
            android:name="com.google.android.geo.API_KEY"
            android:value="@string/google_maps_key" />

build.gradle (app)

apply plugin: 'com.android.application'

android {
    signingConfigs {
        debug {
            storeFile file(var)
            storePassword '...'
            keyAlias = '...'
            keyPassword '...'
        }
        release {
            storeFile file(var)
            storePassword '...'
            keyAlias = '...'
            keyPassword '...'
        }
    }
dependencies {
    :    :
    implementation 'com.google.android.gms:play-services-location:18.0.0'
    implementation 'androidx.navigation:navigation-fragment:2.3.5'
    implementation 'androidx.navigation:navigation-ui:2.3.5'
    implementation 'com.google.android.gms:play-services-maps:17.0.1'
    :    :
}

activity_maps.xml

<?xml version="1.0" encoding="utf-8"?>
<fragment xmlns:android="http://schemas.android.com/apk/res/android"
    xmlns:tools="http://schemas.android.com/tools"
    android:id="@+id/map"
    android:name="com.google.android.gms.maps.SupportMapFragment"
    android:layout_width="match_parent"
    android:layout_height="match_parent"
    tools:context=".MapsActivity" />

Answer 1

I worked with Google Cloud Platform support for a few days on this issue. After getting nowhere with a low-level support person, I asked to be escalated. This was done quickly and without negativity. Hooray for Google Support.

The issue was quickly cleared up with the escalation level support. I had originally (2 years ago) setup my app on the play store with 'Google Play App Signing'.

As such, if you published using Google Play App Signing, you get your SHA-1 from the Google Play Console on the Release > Setup > App Integrity page. Not by executing the keytool... command.

Once I applied this SHA-1 to my App restriction on the Google Cloud Platform for my App, everything is working correctly.