Google Play Protect & signing keys

Since January 12, 2023, Google Play Protect has warned users when they install apps signed with the standard Android debug keystore, which is the default keystore App Cloner uses to sign clones.

Play Protect claims the app may be harmful. It is certainly possible that some harmful Android apps also use the Android debug keystore. In the case of clones generated by App Cloner, however, this warning is a false positive that you can safely ignore. You can install generated clones by tapping Details and then Install anyway.

Play Protect also scans apps that are already installed and warns users about any apps signed with this keystore. Although we don’t recommend this, you can turn off Play Protect by opening the Play Protect settings and turning off the options Scan apps with Play Protect and Improve harmful app detection.

New signing key

App Cloner 2.16.2 introduces a new signing key, which is not detected as harmful by Google Play Protect. By default, automatic key selection uses the new signing key. The exception is when you have a clone installed that was signed with the old key: in that case App Cloner signs the cloned app with the old key, which triggers the Play Protect warning but allows you to update existing clones. App Cloner shows a warning message whenever the old signing key is used while cloning.

If there’s no existing clone installed, or if the existing clone already uses the new signing key, App Cloner automatically uses the new signing key.

Note that installed clones must be uninstalled when changing the signing key. If you decide to update the signing key, please make sure to back up any of the cloned app’s internal data, e.g. by logging in and synchronizing the app’s data with the app server or possibly by using the Export & import app data add-on.

The cloning option Default signing key allows you to control which key is used (new or old) for signing clones. For instance, if you need to update a set of clones on another device and these clones still use the old signing key, you can force App Cloner to use the old key, even if App Cloner cannot see any of the clones installed locally.

If you use a custom certificate, the Default signing key option is disabled.
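To check which key an installed clone and a newly generated clone carry before updating, the following added example (not App Cloner's own code) parses the output of `apksigner verify --print-certs` for both APKs, compares their certificate digests and reports whether a certificate carries the Android SDK debug keystore's subject DN. It assumes a plain same-certificate comparison that ignores APK Signature Scheme v3 key rotation. The DN test is a heuristic, since the page does not say which signal Play Protect uses, and the sample digests and the second DN are constructed.

```python
import re

# Subject DN of the keystore the Android SDK generates for debug builds.
DEBUG_DN = "CN=Android Debug,O=Android,C=US"
_LINE = re.compile(r"^Signer #(\d+) certificate (DN|SHA-256 digest): (.+)$")

def parse_print_certs(text):
    """Parse `apksigner verify --print-certs` output into {signer: {"dn", "sha256"}}."""
    signers = {}
    for line in text.splitlines():
        m = _LINE.match(line.strip())
        if not m:
            continue  # SHA-1/MD5 digest lines, public key lines, warnings
        entry = signers.setdefault(int(m.group(1)), {})
        if m.group(2) == "DN":
            # Normalise "CN=a, O=b" and "CN=a,O=b" to one spelling.
            entry["dn"] = re.sub(r"\s*,\s*", ",", m.group(3).strip())
        else:
            entry["sha256"] = m.group(3).strip().lower()
    return signers

def digests(signers):
    return {s["sha256"] for s in signers.values() if "sha256" in s}

def can_update(installed, candidate):
    """True when both APKs carry the same non-empty set of signer certificates."""
    a, b = digests(installed), digests(candidate)
    return bool(a) and a == b

def uses_debug_dn(signers):
    """True when any signer certificate has the SDK debug keystore's subject DN."""
    return any(s.get("dn") == DEBUG_DN for s in signers.values())

# Constructed sample output; the digests are made up, not real key fingerprints.
OLD_CLONE = (
    "Signer #1 certificate DN: CN=Android Debug, O=Android, C=US\n"
    f"Signer #1 certificate SHA-256 digest: {'1a' * 32}\n"
    f"Signer #1 certificate SHA-1 digest: {'2b' * 20}\n"
)
NEW_CLONE = (
    "Signer #1 certificate DN: CN=Example New Key, O=Example\n"  # hypothetical DN
    f"Signer #1 certificate SHA-256 digest: {'3c' * 32}\n"
)

if __name__ == "__main__":
    old, new = parse_print_certs(OLD_CLONE), parse_print_certs(NEW_CLONE)
    print("installed clone has debug DN:", uses_debug_dn(old))
    print("new clone installs as update:", can_update(old, new))
```

When `can_update` returns false, Android rejects the clone as an update, which is the situation where the existing clone has to be uninstalled or the old key selected.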

If Google Play is not installed, App Cloner still uses the new signing key if possible, but it does not show any messages about Google Play Protect when using the old key to update existing clones.