Android Game Build & Sign Pipeline: Keys to AAB

Our video game development company runs independent projects, jointly creates games with the client and provides additional operational services. Expertise of our team allows us to cover all gaming platforms and develop an amazing product that matches the customer’s vision and players preferences.

From immersive apps to game worlds and 3D scenes

Our dedicated team for VR/AR/MR development, Unity production and 3D modeling & animation — with its own case studies and capability decks.

Visit the dedicated studio
Showing 1 of 1All 242 services
Android Game Build & Sign Pipeline: Keys to AAB
Medium
~1 day
Frequently Asked Questions

Our competencies

What are the stages of Game Development?

Latest works

  • image_games_mortal_motors_495_0.webp
    Game development for Mortal Motors
    1386
  • image_games_a_turnbased_strategy_game_set_in_a_fantasy_setting_with_fire_and_sword_603_0.webp
    A turn-based strategy game set in a fantasy setting, With Fire and Sword
    926
  • image_games_second_team_604_0.webp
    Game development for the company Second term
    544
  • image_games_phoenix_ii_606_0.webp
    3D animation - teaser for the game Phoenix 2.
    591

Problems with Google Play Signing: How to Avoid Them

You upload your APK to Play Console, it passes review—and two hours later you get a rejection: "Your APK is not signed with the upload key." Or the build is accepted, but a week later users report that Android asks to "remove the old version before installing" because the keystore changed between releases and Play App Signing wasn't activated in time. This error stems from a misconfigured keystore or a missed Play App Signing activation step. We've dealt with both cases on dozens of projects, including migrating major games with millions of installs. We saved up to 30% of bundle size using AAB and PAD. Our team, with 10+ years in gamedev (40+ projects), has developed a clear pipeline that eliminates these errors. We set up build and signing turnkey—get a consultation, we'll assess your project.

Keystore vs. Play App Signing: What's the Difference

Before Play App Signing (now mandatory for new apps), developers signed APKs with their own key—and that's the key users saw. Losing the keystore meant permanent inability to release updates (official Google documentation).

With Play App Signing, the scheme is two-tiered: an upload key (held by the developer) signs the APK when uploading to Play Console; Google verifies it and re-signs the final APK with its own app signing key before delivering to users. Losing the upload key is recoverable—Google allows a reset request. Losing the app signing key is not, but it's stored by Google.

For new apps, Play App Signing is enabled automatically. For existing apps, you must explicitly activate it by uploading the current key. Our guarantee: we help migrate keys without losing backward compatibility.

How to Set Up Play App Signing for an Existing Project

For apps already published without Play App Signing, the process requires caution. Go to Play Console, select the app, navigate to Release > Setup > App Signing. Then upload your current keystore (or just the certificate) for registration. After activation, all new versions will be signed by Google—the old key becomes the upload key. We've completed this transition for 15+ projects; average time is 1–2 days when the keystore is ready.

Building AAB Instead of APK

For some years now, Google Play requires Android App Bundle (.aab) for new apps. Unity generates AAB via BuildSettings with BuildAppBundle = true. AAB is smaller than APK and allows Play Console to generate device-optimized APKs (ABI split, texture compression split). This saves up to 30% on user traffic.

An important nuance for Unity games: when using IL2CPP and AAB, ensure Split Application Binary is enabled in Player Settings—otherwise the AAB may exceed the 150 MB download limit. Additional assets (Addressables, StreamingAssets) should be delivered via Play Asset Delivery (PAD), not bundled directly.

Play Asset Delivery is essential for games with large resources. Three delivery modes:

Mode Size Delivery Time
install-time up to 1 GB with install
fast-follow no limit right after install
on-demand no limit on request during gameplay

Integration with Unity via the Google.Play.AssetDelivery package requires reworking the asset loading system if not designed for PAD from the start. This is included in our full setup.

Why Automating with Fastlane Saves Time

The supply action (Fastlane lane for Google Play) can upload AAB to specific tracks (internal, alpha, beta, production), manage rollout percentage, and update store listings. In 2–5 days, we create a pipeline that handles these actions without manual intervention.

Authentication: via Service Account JSON with the "Release Manager" role in Play Console. This is more reliable than OAuth—the token doesn't expire and doesn't require interactive authorization on CI.

Example minimal Fastfile:

# fastlane/Fastfile
lane :upload_internal do
  gradle(task: 'assembleRelease')
  sign(keystore_path: ENV['KEYSTORE_PATH'], 
       keystore_password: ENV['KEYSTORE_PASSWORD'],
       key_alias: ENV['KEY_ALIAS'],
       key_password: ENV['KEY_PASSWORD'])
  supply(track: 'internal')
end

The keystore is stored encrypted in CI (GitHub Secrets, GitLab CI Variables, Vault). Never commit .jks or .keystore files to a repository—even a private one. For more on supply parameters, see Fastlane documentation.

Versioning

versionCode in Android must increase monotonically. In Unity, it's PlayerSettings.Android.bundleVersionCode. We auto-increment via a pre-build hook script or through Fastlane's increment_version_code. For CI builds, use the pipeline build number as part of the versionCode: baseVersion * 1000 + buildNumber. An error here is a common reason for publication rejection.

What's Included in Our Work

  • Audit of current signing scheme and keystore.
  • Configuration of Play App Signing (enable, migrate keys).
  • AAB build with optimizations (Split Binary, PAD).
  • Integration of Fastlane with CI (GitHub Actions, GitLab CI, Jenkins).
  • Versioning and automatic increment.
  • Documentation of the process and access.
  • Support during the first release.

Timelines

Task Timeline
One-off AAB build and upload to internal track 0.5–1 day
Set up Play App Signing + keys for CI 1–2 days
Full pipeline (Fastlane supply + tracks) 2–5 days
Play Asset Delivery integration 1–3 weeks
Migrate existing app to Play App Signing 1–2 days

Cost is calculated individually after analyzing your project structure and signing key status. Get a consultation—we'll assess your case.

Common Mistakes and How to Avoid Them

  • Changing keystore between releases → causes signature mismatch for users. Solution: always use one upload key.
  • Exceeding AAB limit → if Split Application Binary is disabled, the bundle can exceed 150 MB. Check Unity settings before building.
  • Not using PAD → loading all assets in the AAB slows installation and may cause ANR. On-demand mode solves the problem.

We guarantee your pipeline will run smoothly and publications will proceed without rejections. Contact us to discuss details.