We integrate and configure release builds for Meta Quest Store — from keystore generation to final APK/AAB signing. No surprises on submission: all entitlements, manifest, and package settings are verified before sending. If you've encountered an INVALID_CREDENTIALS error after switching to a release keystore, most likely the fingerprint doesn't match. Let's outline the typical issues and how to resolve them.
Where exactly the signing chain breaks
The most common problem is a keystore mismatch between debug and release builds. Developers test for months with a debug keystore, everything works. Switching to a release keystore with a different SHA-1 breaks entitlements linked to the app in Horizon Developer Dashboard. Users install the app, open it, and get an authorization error in Platform SDK because OVRPlatform.Initialize() returns INVALID_CREDENTIALS.
The second class of issues is AndroidManifest.xml. Meta requires a set of specific permissions and intent-filters: com.oculus.permission.HAND_TRACKING, com.oculus.permission.EYE_TRACKING, com.oculus.intent.category.VR. If the app uses passthrough, you must explicitly include com.oculus.permission.USE_SCENE and horizonos.permission.USE_ANCHOR_API for spatial anchors. Miss one — the feature silently fails, with no log errors unless you enable verbose in adb logcat.
Separately, quest_categories and supported_input_devices in manifest.json (part of the Horizon Store package) are critical. An incorrect category or missing device list will cause automatic validation failure. Meta checks that the manifest matches the advertised features.
Release build process
We work through Oculus Developer Hub or directly via command line with adb and apksigner from Android SDK Build Tools. For Unity projects, we use Gradle wrapper with settings in launcherTemplate.gradle and mainTemplate.gradle.
Key steps for a correct release build:
-
Generate keystore via
keytoolwith parameters-keyalg RSA -keysize 2048 -validity 10000. Store it separately from the repository; save SHA-1 and SHA-256 in a secure project vault. In Unity: Player Settings → Publishing Settings → Use Custom Keystore. -
Set
target-api-levelto 32 or higher for new submissions (current requirement — check Horizon OS documentation as Meta periodically raises the minimum). -
Before submission, verify the signature:
apksigner verify --verbose --print-certs app-release.apk. Ensure the certificate chain is correct and the fingerprint matches the one registered in Dashboard. -
Test the signed build on device:
adb install -r app-release.apk. Remove the debug version completely first, otherwise the system may pick up old credentials.
Specifics for different distribution channels
Meta Quest Store includes several channels: App Lab (early testers without full review), Horizon Store (public release with full review), and SideQuest / sideloading for internal testing.
For App Lab and Horizon Store, signing requirements are identical — the only difference is the review process. Sideloading can use a debug keystore, but that is not a release flow.
If the project uses Passthrough API or Mixed Reality Utility Kit (MRUK), add a required_feature section with PASSTHROUGH in manifest.json. Without it, the app won't run on devices with passthrough disabled.
| Build Type | Keystore | Target API | Entitlement Check |
|---|---|---|---|
| Debug / Dev Mode | Debug keystore | Any | Optional |
| App Lab | Release keystore | ≥ 32 | Mandatory |
| Horizon Store | Release keystore | ≥ 32 | Mandatory + Meta review |
How the engagement works
We obtain access to the organization's Horizon Developer Dashboard or work through a provided App ID. We audit the current manifest and Gradle configuration. We set up the keystore infrastructure if missing. Then: build, signing, device testing, and packaging for submission.
If the project has been published previously and requires an update, we check keystore version compatibility and versionCode (Meta rejects packages with versionCode ≤ previous).
What is included in the work
- Audit of existing manifest and build configuration
- Generation and configuration of release keystore (with protection and backup)
- Configuration of AndroidManifest.xml and manifest.json per Meta requirements
- Build, signing, and device testing
- Packaging for submission (App Lab / Horizon Store)
- Documentation of the process and access credentials
- Support on review rejection (one iteration)
Why trust us with your build?
We have over 7 years working with VR/AR projects on Unity and Unreal Engine. We have released over 15 apps on Meta Quest Store. We know all typical pitfalls — from missing entitlements to incorrect manifest.json categories. We guarantee that the signed APK will pass Meta's automatic validation, provided the manifest from your side is correct.
Timeline: setup from scratch — 1-2 working days. If the project already exists with a correct manifest and only fixing signing and submission is needed — a few hours. Rejection iteration time depends on the reason.
We will assess your project for free — contact us (just write, plain text) and we will prepare a work plan and exact cost. Turnkey with review pass guarantee.





