diff --git a/src/content/docs/en/sdk/android/v4/integrations/retrieve-certificate-fingerprints.mdx b/src/content/docs/en/sdk/android/v4/integrations/retrieve-certificate-fingerprints.mdx
new file mode 100644
index 0000000000..a9d78d0aa8
--- /dev/null
+++ b/src/content/docs/en/sdk/android/v4/integrations/retrieve-certificate-fingerprints.mdx
@@ -0,0 +1,195 @@
+---
+title: Retrieve Android certificate fingerprints
+description: Retrieve Android certificate fingerprints to configure Adjust features
+slug: en/sdk/android/v4/integrations/retrieve-certificate-fingerprints
+versions:
+ - label: v5
+ value: v5
+ default: true
+ - label: v4
+ value: v4
+redirects:
+ v5: /en/sdk/android/integrations/retrieve-certificate-fingerprints
+---
+
+A certificate fingerprint is a cryptographic hash of the public information held within a certificate. As described in [Google's documentation](https://developer.android.com/studio/publish/app-signing#api-providers), certificate fingerprints are public information designed to be used by third-parties for Android app verification. Adjust never requests private app signing keys.
+
+Adjust uses certificate fingerprints for the following features:
+
+| Feature | Hashing algorithm | Example |
+| ---------------------------------------------------------------------------------------------------- | ----------------- | ----------------------------------------------------------------------------------------------- |
+| [SDK Signature](https://help.adjust.com/en/article/sdk-signature#add-signatures-in-the-adjust-suite) | SHA-1 | C4:BD:07:91:BC:09:F8:B6:15:CD:BC:A3:3F:BC:68:8B:C2:EF:4F:F5 |
+| [Android App Links](https://help.adjust.com/en/article/set-up-android-app-links#set-up-in-appview) | SHA-256 | 55:FB:97:0F:46:0F:94:EC:07:EA:01:69:50:5A:20:3F:A0:91:60:A4:F1:33:58:EA:76:DC:54:9E:A7:6A:B9:1A |
+
+Check the table below for the best way to get certificate fingerprints based on your app's distribution methods. When configuring the Adjust dashboard, be sure to add all certificate fingerprints that are applicable for your builds.
+
+| Hosting service | Recommended approach |
+| ---------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------- |
+| Google Play | [Google Play Console](#from-google-play-console) |
+| Google Play test track | [Google Play Console - Internal app sharing](#from-google-play-console---internal-app-sharing) |
+| Huawei AppGallery - App Signing Enabled | [AppGallery Connect](#from-appgallery-connect) |
+| • Huawei AppGallery - App Signing Disabled
• Other store, or direct APK download
• Local debug build | [Keystore](#from-a-keystore) or [APK](#from-an-apk) |
+
+#### From Google Play Console {#from-google-play-console}
+
+1. In [Google Play Console](https://play.google.com/console), go to your app.
+2. Under **Release**, go to **Setup > App signing**.
+3. If you're using Play App Signing, the **App signing key certificate** section will be present. In this section, copy the **SHA-1 certificate fingerprint** and/or **SHA-256 certificate fingerprint**.
+
+ 
+
+4. Under **Upload key certificate**, copy the **SHA-1 certificate fingerprint** and/or **SHA-256 certificate fingerprint**.
+
+ 
+
+#### From Google Play Console - Internal app sharing {#from-google-play-console---internal-app-sharing}
+
+1. In [Google Play Console](https://play.google.com/console), go to your app.
+2. Under **Release**, go to **Setup > Internal app sharing**.
+3. Under **Internal test certificate**, copy the **SHA-1 certificate fingerprint** and/or **SHA-256 certificate fingerprint**.
+
+ 
+
+#### From AppGallery Connect {#from-appgallery-connect}
+
+If you use Huawei App Signing, follow the below instructions. If you don't use Huawei App Signing, retrieve your certificate fingerprints [from a keystore](#from-a-keystore) or [from an APK](#from-an-apk).
+
+
+
+1. In [AppGallery Connect](https://developer.huawei.com/consumer/en/service/josp/agc/index.html), select **My Apps**.
+2. Select your app.
+3. Under **Services**, go to **App Signing**.
+4. Under **App Signature Certificate** and **Upload Certificate**, respectively, select **Download Certificate**.
+
+
+
+5. If needed, install openssl:
+
+ - macOS: `brew install openssl`
+ - Linux: Usually pre-installed or use your package manager
+ - Windows: Download from the OpenSSL website or use Windows Subsystem for Linux (WSL)
+
+6. Run the below `openssl` command on each certificate file ``:
+
+ ```bash
+ openssl x509 -fingerprint -in -noout -SHA1
+ ```
+
+7. Retrieve each SHA1 from the output:
+
+ ```
+ SHA1 Fingerprint=C4:BD:07:91:BC:09:F8:B6:15:CD:BC:A3:3F:BC:68:8B:C2:EF:4F:F5
+ ```
+
+
+
+1. In [AppGallery Connect](https://developer.huawei.com/consumer/en/service/josp/agc/index.html), select **My Apps**.
+2. Select your app.
+3. Under **Services**, go to **App Signing**.
+4. Under **App Signature Certificate** and **Upload Certificate**, respectively, copy each SHA-256 certificate fingerprint.
+
+
+
+
+
+
+#### From a keystore {#from-a-keystore}
+
+To retrieve certificate fingerprints from your keystore, follow these steps:
+
+1. If needed, install [Android Studio](https://developer.android.com/studio) or Java Development Kit (JDK) to get the `keytool` command.
+2. Locate your keystore:
+ - Self-managed keystore: path to the folder containing your .jks file
+ - Android default debug keystore:
+ - macOS/Linux: `~/.android/debug.keystore`
+ - Windows: `%USERPROFILE%\.android\debug.keystore`
+3. Run the below `keytool` command, replacing parameters as needed:
+
+ ```bash
+ # For self-managed keystore (replace with path to your .jks file):
+ keytool -list -v -keystore -alias
+
+ # For Android default debug keystore:
+ keytool -list -v -keystore ~/.android/debug.keystore -alias androiddebugkey
+ ```
+
+4. When prompted for the password, do the following:
+ - For a self-managed keystore, enter the password you set during keystore generation.
+ - For Android default debug keystore, enter `android`.
+5. Retrieve the SHA1 and/or SHA256 values from the output:
+
+ ```
+ [...]
+
+ SHA1: C4:BD:07:91:BC:09:F8:B6:15:CD:BC:A3:3F:BC:68:8B:C2:EF:4F:F5
+ SHA256: 55:FB:97:0F:46:0F:94:EC:07:EA:01:69:50:5A:20:3F:A0:91:60:A4:F1:33:58:EA:76:DC:54:9E:A7:6A:B9:1A
+
+ [...]
+ ```
+
+#### From an APK {#from-an-apk}
+
+To retrieve certificate fingerprints used to sign your APK, follow these steps:
+
+1. If needed, install [Android Studio](https://developer.android.com/studio) to get the [apksigner](https://developer.android.com/tools/apksigner) command.
+ - During Android Studio installation, ensure the Android SDK is installed (it's included by default).
+ - The Android SDK build-tools will be installed in the below locations:
+ - macOS/Linux: `~/Library/Android/sdk/build-tools//`
+ - Windows: `%LOCALAPPDATA%\Android\Sdk\build-tools\\`
+2. Run the below `apksigner` command, replacing the parameter:
+ ```bash
+ apksigner verify -v --print-certs
+ ```
+3. Retrieve the SHA-1 and/or SHA-256 values from the output. Apps may show a single signature:
+
+ ```
+ [...]
+
+ Signer #1 certificate SHA-1 digest: c4bd0791bc09f8b615cdbca33fbc688bc2ef4ff5
+ Signer #1 certificate SHA-256 digest: 55fb970f460f94ec07ea0169505a203fa09160a4f13358ea76dc549ea76ab91a
+
+ [...]
+ ```
+
+ Or different signatures for different Android versions:
+
+ ```
+ [...]
+
+ Signer (minSdkVersion=24, maxSdkVersion=32) certificate SHA-1 digest: c4bd0791bc09f8b615cdbca33fbc688bc2ef4ff5
+ Signer (minSdkVersion=24, maxSdkVersion=32) certificate SHA-256 digest: 55fb970f460f94ec07ea0169505a203fa09160a4f13358ea76dc549ea76ab91a
+
+ [...]
+
+ Signer (minSdkVersion=33, maxSdkVersion=2147483647) certificate SHA-1 digest: 9a3237ad99a97e8ea72df4fb096f28d544d5b8
+ Signer (minSdkVersion=33, maxSdkVersion=2147483647) certificate SHA-256 digest: 92e961bf8b67043d1af6061b4a926f6a94e2bb78b46a096639e8e2c2fb7784b0
+
+ [...]
+ ```
+
+ If multiple signatures are present, you'll need to configure all of them in the Adjust dashboard.
+
+
+ The Adjust dashboard requires SHA-256 certificate fingerprints to be entered
+ with colons separating each pair of characters (for example:
+ 55:fb:97:0f:46:0f:94:ec:07:ea:01:69:50:5a:20:3f:a0:91:60:a4:f1:33:58:ea:76:dc:54:9e:a7:6a:b9:1a).
+
+
+##### Extract APK from other formats {#extract-apk}
+
+If you have your app in a different format, you'll need to extract the APK first:
+
+- **XAPK or APKs files**: Container formats that include APKs and additional files.
+
+ 1. Rename app.xapk or app.apks to app.zip.
+ 2. Extract the contents.
+ 3. Locate the base APK in the extracted contents (usually the largest APK file if there are multiple).
+ 4. Use the `apksigner` command above on the extracted APK.
+
+- **AAB (Android App Bundle)**: A publishing format that contains APKs and resources.
+ 1. If needed, install the [bundletool](https://developer.android.com/tools/bundletool) command.
+ 2. Run the `bundletool` command to convert the AAB to APKs format, replacing the parameters:
+ ```bash
+ bundletool build-apks --bundle --output
+ ```
+ 3. Follow the steps above for APKs files.
diff --git a/src/content/docs/en/sdk/android/v4/integrations/signature-library.mdx b/src/content/docs/en/sdk/android/v4/integrations/signature-library.mdx
index 46623c865f..2965fac132 100644
--- a/src/content/docs/en/sdk/android/v4/integrations/signature-library.mdx
+++ b/src/content/docs/en/sdk/android/v4/integrations/signature-library.mdx
@@ -26,9 +26,9 @@ The SDK Signature library is configured to use [16KB page sizes](https://develop
To integrate the Signature library into your Android app, ensure the following:
-- The Android API version in use is **21 or greater**.
-- The Adjust SDK version in use is **4.38.2 or greater**. This requirement applies even when the Adjust SDK is used indirectly.
-- If you use Proguard, you must use the exact same Proguard configuration for both the Signature library and the Adjust SDK.
+- The Android API version in use is **21 or greater**.
+- The Adjust SDK version in use is **4.38.2 or greater**. This requirement applies even when the Adjust SDK is used indirectly.
+- If you use Proguard, you must use the exact same Proguard configuration for both the Signature library and the Adjust SDK.
@@ -40,15 +40,15 @@ Using external obfuscation tools with the Adjust SDK or Signature library can im
If you previously used Signature v1 or Signature v2, you first need to remove the previous version before integrating the Signature library. To do this:
-- If you previously integrated Signature v1, remove any code that calls to signature functions in your project.
-- If you previously integrated Signature v2, remove the Signature v2 library from your project.
+- If you previously integrated Signature v1, remove any code that calls to signature functions in your project.
+- If you previously integrated Signature v2, remove the Signature v2 library from your project.
### Updating the Signature Library {#updating-the-signature-library}
To update the Adjust Signature library, replace the existing Signature library with a new version and rerun your tests. You don't need to make any immediate changes to your app logic or settings in Adjust as long as your [certificates are configured and haven't been altered](https://help.adjust.com/en/article/sdk-signature#manage-your-certificate-fingerprints). Remember to [deactivate your secret IDs if they meet the following criteria](https://help.adjust.com/en/article/sdk-signature#manage-your-secret-ids):
-- They're no longer contributing to your install reporting.
-- You've fully released a new version of your app (across all app platforms and stores).
+- They're no longer contributing to your install reporting.
+- You've fully released a new version of your app (across all app platforms and stores).
## Integrate the signature library (SDK v4 only) {#integrate-the-signature-library}
@@ -96,122 +96,14 @@ The Signature library can’t verify the authenticity of your certificate finger
You must add the fingerprints of your signing certificates to the allowlist. If no fingerprints are added to the allowlist, traffic from your app can be spoofed.
-
-
-#### From a keystore {#from-a-keystore}
-
-If you use your own keystore, or if Android Studio generated a keystore for you, you can retrieve the certificate fingerprint by following these steps:
-
-1. Find the keystore file (`.jks`) you used to sign **the release version of your app**. The keystore must be the one you used to sign the release version sent to the Google Play Store. If the keystore is different, your SDK requests will be rejected.
-2. Run the following command to list your keys. Replace the parts in angle brackets with your information.
-
- ```console
- $ keytool -list -v -keystore -alias
- ```
-
- This command prompts you for your keystore password. This is the password you defined when you generated the keystore.
-
- The final output looks like this:
-
- ```text
- Alias name: Key0
- Creation date: May 15, 2018
- Entry type: PrivateKeyEntry
- Certificate chain length: 1
- Certificate[1]:
- Owner: CN=[Adjust, GmbH.]
- Issuer: CN=[Adjust, GmbH.]
- Serial number: 642f1b62
- Valid from: Tue May 15 09:46:06 CEST 2018 until: Sat May 09
- 09:46:06 CEST 2043
- Certificate fingerprints:
- MD5: E7:88:9F:8C:9D:F4:14:C1:CF:E8:4C:97:F3:F2:3A:E3
- SHA1:
- C4:BD:07:91:BC:09:F8:B6:15:CD:BC:A3:3F:BC:68:8B:C2:EF:4F:F5
- SHA256:
- 55:FB:97:0F:46:0F:94:EC:07:EA:01:69:50:5A:20:3F:A0:91:60:A4:F
- 1:33:58:EA:76:DC:54:9E:A7:6A:B9:1A
- Signature algorithm name: SHA256withRSA
- Subject Public Key Algorithm: 2048-bit RSA key
- Version: 3
- ```
-
-3. Save the SHA-1 fingerprint to [add to your allowlist in the Adjust Suite](#add-your-digital-certificate-fingerprints-to-adjusts-allowlist).
-
-#### From Google Play Internal App Sharing {#from-google-play-internal-app-sharing}
-
-If you use [Google Play Internal App Sharing](https://support.google.com/googleplay/android-developer/answer/9303479?hl=en), you need to send both your organization’s SHA-1 certificate fingerprint and your Internal test certificate fingerprint to Adjust for allowlisting.
-
-To extract the fingerprints:
-
-1. Navigate to the Google Play Console and log in.
-2. Select your app.
-3. Select **Release Management --> App Releases --> Manage internal app sharing > App certificates**.
-4. Save the **SHA-1 certificate fingerprint** for both the **Internal test certificate** and your organization’s keystore to [add to your allowlist in the Adjust Suite](#add-your-digital-certificate-fingerprints-to-adjusts-allowlist).
-
-
-
-#### From Google Play App Signing {#from-google-play-app-signing}
-
-If you use [Google Play App Signing](https://support.google.com/googleplay/android-developer/answer/7384423?hl=en), you need to send both your organization’s SHA-1 certificate fingerprint and your Internal test certificate fingerprint to Adjust for allowlisting.
-
-To extract the fingerprints:
-
-1. Navigate to the Google Play Console and log in.
-2. Select your app.
-3. Select **Release Management > App Signing**.
-4. Save the **SHA-1 certificate fingerprint** for both the **App signing certificate** and **Upload certificate** to send to Adjust.
-
-
-
-#### From Huawei AppGallery App Signing {#from-huawei-appgallery-app-signing}
-
-If you use Huawei AppGallery App Signing, you need to send both your organization’s SHA-1 certificate fingerprint and your Internal test certificate fingerprint to Adjust for allowlisting.
-
-
-
-If you use your own signing certificate with Huawei AppGallery, follow the [instructions for retrieving your certificate fingerprint from a keystore](#from-a-keystore).
-
-
-
-To extract the fingerprints:
-
-1. Navigate to the App Signing page in AppGallery Connect and download the App signing certificate (`certificate.pem`).
-
-
-
-2. Once you’ve downloaded the certificate, run the following command to output the SHA-1 fingerprint of the certificate.
-
- ```console
- $ openssl x509 -fingerprint -in certificate.pem -noout -SHA1
- ```
-
- The output looks like this:
-
- ```text
- SHA1 Fingerprint=C4:BD:07:91:BC:09:F8:B6:15:CD:BC:A3:3F:BC:68:8B:C2:EF:4F:F5
- ```
-
-3. Save the fingerprint to [add to your allowlist in the Adjust Suite](#add-your-digital-certificate-fingerprints-to-adjusts-allowlist)..
-
-### Add your digital certificate fingerprints to Adjust’s allowlist {#add-your-digital-certificate-fingerprints-to-adjust-s-allowlist}
-
-
-
Remember to add all certificate fingerprints you want to use to the Adjust suite. This might include debug versions and versions for different stores.
-Once you’ve obtained your certificate fingerprints, do the following to add them to your allowlist:
-
-1. Select your app in AppView to open the app details screen.
-2. Select the **Protection** tab.
-3. Select the **Edit** button on the **Suspicious installs** section.
-4. Under the **Android fingerprinting** section, select **New fingerprint**.
-5. Paste the SHA-1 fingerprint into the text box that appears.
-6. Select **Add**.
+Follow these steps to retrieve and configure your certificate fingerprints:
-That’s it! Your fingerprint is now allowlisted for your app.
+1. [Retrieve Android certificate fingerprints](/en/sdk/android/integrations/retrieve-certificate-fingerprints)
+2. [Configure them in the Adjust dashboard](https://help.adjust.com/en/article/sdk-signature#add-signatures-in-the-adjust-suite)
## Test your app {#test-your-app}
diff --git a/src/content/docs/en/sdk/android/v5/integrations/retrieve-certificate-fingerprints.mdx b/src/content/docs/en/sdk/android/v5/integrations/retrieve-certificate-fingerprints.mdx
new file mode 100644
index 0000000000..f920156ffb
--- /dev/null
+++ b/src/content/docs/en/sdk/android/v5/integrations/retrieve-certificate-fingerprints.mdx
@@ -0,0 +1,195 @@
+---
+title: Retrieve Android certificate fingerprints
+description: Retrieve Android certificate fingerprints to configure Adjust features
+slug: en/sdk/android/integrations/retrieve-certificate-fingerprints
+versions:
+ - label: v5
+ value: v5
+ default: true
+ - label: v4
+ value: v4
+redirects:
+ v4: /en/sdk/android/v4/integrations/retrieve-certificate-fingerprints
+---
+
+A certificate fingerprint is a cryptographic hash of the public information held within a certificate. As described in [Google's documentation](https://developer.android.com/studio/publish/app-signing#api-providers), certificate fingerprints are public information designed to be used by third-parties for Android app verification. Adjust never requests private app signing keys.
+
+Adjust uses certificate fingerprints for the following features:
+
+| Feature | Hashing algorithm | Example |
+| ---------------------------------------------------------------------------------------------------- | ----------------- | ----------------------------------------------------------------------------------------------- |
+| [SDK Signature](https://help.adjust.com/en/article/sdk-signature#add-signatures-in-the-adjust-suite) | SHA-1 | C4:BD:07:91:BC:09:F8:B6:15:CD:BC:A3:3F:BC:68:8B:C2:EF:4F:F5 |
+| [Android App Links](https://help.adjust.com/en/article/set-up-android-app-links#set-up-in-appview) | SHA-256 | 55:FB:97:0F:46:0F:94:EC:07:EA:01:69:50:5A:20:3F:A0:91:60:A4:F1:33:58:EA:76:DC:54:9E:A7:6A:B9:1A |
+
+Check the table below for the best way to get certificate fingerprints based on your app's distribution methods. When configuring the Adjust dashboard, be sure to add all certificate fingerprints that are applicable for your builds.
+
+| Hosting service | Recommended approach |
+| ---------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------- |
+| Google Play | [Google Play Console](#from-google-play-console) |
+| Google Play test track | [Google Play Console - Internal app sharing](#from-google-play-console---internal-app-sharing) |
+| Huawei AppGallery - App Signing Enabled | [AppGallery Connect](#from-appgallery-connect) |
+| • Huawei AppGallery - App Signing Disabled
• Other store, or direct APK download
• Local debug build | [Keystore](#from-a-keystore) or [APK](#from-an-apk) |
+
+#### From Google Play Console {#from-google-play-console}
+
+1. In [Google Play Console](https://play.google.com/console), go to your app.
+2. Under **Release**, go to **Setup > App signing**.
+3. If you're using Play App Signing, the **App signing key certificate** section will be present. In this section, copy the **SHA-1 certificate fingerprint** and/or **SHA-256 certificate fingerprint**.
+
+ 
+
+4. Under **Upload key certificate**, copy the **SHA-1 certificate fingerprint** and/or **SHA-256 certificate fingerprint**.
+
+ 
+
+#### From Google Play Console - Internal app sharing {#from-google-play-console---internal-app-sharing}
+
+1. In [Google Play Console](https://play.google.com/console), go to your app.
+2. Under **Release**, go to **Setup > Internal app sharing**.
+3. Under **Internal test certificate**, copy the **SHA-1 certificate fingerprint** and/or **SHA-256 certificate fingerprint**.
+
+ 
+
+#### From AppGallery Connect {#from-appgallery-connect}
+
+If you use Huawei App Signing, follow the below instructions. If you don't use Huawei App Signing, retrieve your certificate fingerprints [from a keystore](#from-a-keystore) or [from an APK](#from-an-apk).
+
+
+
+1. In [AppGallery Connect](https://developer.huawei.com/consumer/en/service/josp/agc/index.html), select **My Apps**.
+2. Select your app.
+3. Under **Services**, go to **App Signing**.
+4. Under **App Signature Certificate** and **Upload Certificate**, respectively, select **Download Certificate**.
+
+
+
+5. If needed, install openssl:
+
+ - macOS: `brew install openssl`
+ - Linux: Usually pre-installed or use your package manager
+ - Windows: Download from the OpenSSL website or use Windows Subsystem for Linux (WSL)
+
+6. Run the below `openssl` command on each certificate file ``:
+
+ ```bash
+ openssl x509 -fingerprint -in -noout -SHA1
+ ```
+
+7. Retrieve each SHA1 from the output:
+
+ ```
+ SHA1 Fingerprint=C4:BD:07:91:BC:09:F8:B6:15:CD:BC:A3:3F:BC:68:8B:C2:EF:4F:F5
+ ```
+
+
+
+1. In [AppGallery Connect](https://developer.huawei.com/consumer/en/service/josp/agc/index.html), select **My Apps**.
+2. Select your app.
+3. Under **Services**, go to **App Signing**.
+4. Under **App Signature Certificate** and **Upload Certificate**, respectively, copy each SHA-256 certificate fingerprint.
+
+
+
+
+
+
+#### From a keystore {#from-a-keystore}
+
+To retrieve certificate fingerprints from your keystore, follow these steps:
+
+1. If needed, install [Android Studio](https://developer.android.com/studio) or Java Development Kit (JDK) to get the `keytool` command.
+2. Locate your keystore:
+ - Self-managed keystore: path to the folder containing your .jks file
+ - Android default debug keystore:
+ - macOS/Linux: `~/.android/debug.keystore`
+ - Windows: `%USERPROFILE%\.android\debug.keystore`
+3. Run the below `keytool` command, replacing parameters as needed:
+
+ ```bash
+ # For self-managed keystore (replace with path to your .jks file):
+ keytool -list -v -keystore -alias
+
+ # For Android default debug keystore:
+ keytool -list -v -keystore ~/.android/debug.keystore -alias androiddebugkey
+ ```
+
+4. When prompted for the password, do the following:
+ - For a self-managed keystore, enter the password you set during keystore generation.
+ - For Android default debug keystore, enter `android`.
+5. Retrieve the SHA1 and/or SHA256 values from the output:
+
+ ```
+ [...]
+
+ SHA1: C4:BD:07:91:BC:09:F8:B6:15:CD:BC:A3:3F:BC:68:8B:C2:EF:4F:F5
+ SHA256: 55:FB:97:0F:46:0F:94:EC:07:EA:01:69:50:5A:20:3F:A0:91:60:A4:F1:33:58:EA:76:DC:54:9E:A7:6A:B9:1A
+
+ [...]
+ ```
+
+#### From an APK {#from-an-apk}
+
+To retrieve certificate fingerprints used to sign your APK, follow these steps:
+
+1. If needed, install [Android Studio](https://developer.android.com/studio) to get the [apksigner](https://developer.android.com/tools/apksigner) command.
+ - During Android Studio installation, ensure the Android SDK is installed (it's included by default).
+ - The Android SDK build-tools will be installed in the below locations:
+ - macOS/Linux: `~/Library/Android/sdk/build-tools//`
+ - Windows: `%LOCALAPPDATA%\Android\Sdk\build-tools\\`
+2. Run the below `apksigner` command, replacing the parameter:
+ ```bash
+ apksigner verify -v --print-certs
+ ```
+3. Retrieve the SHA-1 and/or SHA-256 values from the output. Apps may show a single signature:
+
+ ```
+ [...]
+
+ Signer #1 certificate SHA-1 digest: c4bd0791bc09f8b615cdbca33fbc688bc2ef4ff5
+ Signer #1 certificate SHA-256 digest: 55fb970f460f94ec07ea0169505a203fa09160a4f13358ea76dc549ea76ab91a
+
+ [...]
+ ```
+
+ Or different signatures for different Android versions:
+
+ ```
+ [...]
+
+ Signer (minSdkVersion=24, maxSdkVersion=32) certificate SHA-1 digest: c4bd0791bc09f8b615cdbca33fbc688bc2ef4ff5
+ Signer (minSdkVersion=24, maxSdkVersion=32) certificate SHA-256 digest: 55fb970f460f94ec07ea0169505a203fa09160a4f13358ea76dc549ea76ab91a
+
+ [...]
+
+ Signer (minSdkVersion=33, maxSdkVersion=2147483647) certificate SHA-1 digest: 9a3237ad99a97e8ea72df4fb096f28d544d5b8
+ Signer (minSdkVersion=33, maxSdkVersion=2147483647) certificate SHA-256 digest: 92e961bf8b67043d1af6061b4a926f6a94e2bb78b46a096639e8e2c2fb7784b0
+
+ [...]
+ ```
+
+ If multiple signatures are present, you'll need to configure all of them in the Adjust dashboard.
+
+
+ The Adjust dashboard requires SHA-256 certificate fingerprints to be entered
+ with colons separating each pair of characters (for example:
+ 55:fb:97:0f:46:0f:94:ec:07:ea:01:69:50:5a:20:3f:a0:91:60:a4:f1:33:58:ea:76:dc:54:9e:a7:6a:b9:1a).
+
+
+##### Extract APK from other formats {#extract-apk}
+
+If you have your app in a different format, you'll need to extract the APK first:
+
+- **XAPK or APKs files**: Container formats that include APKs and additional files.
+
+ 1. Rename `app.xapk` or `app.apks` to `app.zip`.
+ 2. Extract the contents.
+ 3. Locate the base APK in the extracted contents (usually the largest APK file if there are multiple).
+ 4. Use the `apksigner` command above on the extracted APK.
+
+- **AAB (Android App Bundle)**: A publishing format that contains APKs and resources.
+ 1. If needed, install the [bundletool](https://developer.android.com/tools/bundletool) command.
+ 2. Run the `bundletool` command to convert the AAB to APKs format, replacing the parameters:
+ ```bash
+ bundletool build-apks --bundle --output
+ ```
+ 3. Follow the steps above for APKs files.
diff --git a/src/content/docs/en/sdk/android/v5/integrations/signature-library.mdx b/src/content/docs/en/sdk/android/v5/integrations/signature-library.mdx
index 4589a01f34..8ae1af45c9 100644
--- a/src/content/docs/en/sdk/android/v5/integrations/signature-library.mdx
+++ b/src/content/docs/en/sdk/android/v5/integrations/signature-library.mdx
@@ -26,9 +26,9 @@ The SDK Signature library is configured to use [16KB page sizes](https://develop
To integrate the Signature library into your Android app, ensure the following:
-- The Android API version in use is **21 or greater**.
-- The Adjust SDK version in use is **4.38.2 or greater**. This requirement applies even when the Adjust SDK is used indirectly.
-- If you use Proguard, you must use the exact same Proguard configuration for both the Signature library and the Adjust SDK.
+- The Android API version in use is **21 or greater**.
+- The Adjust SDK version in use is **4.38.2 or greater**. This requirement applies even when the Adjust SDK is used indirectly.
+- If you use Proguard, you must use the exact same Proguard configuration for both the Signature library and the Adjust SDK.
@@ -40,15 +40,15 @@ Using external obfuscation tools with the Adjust SDK or Signature library can im
If you previously used Signature v1 or Signature v2, you first need to remove the previous version before integrating the Signature library. To do this:
-- If you previously integrated Signature v1, remove any code that calls to signature functions in your project.
-- If you previously integrated Signature v2, remove the Signature v2 library from your project.
+- If you previously integrated Signature v1, remove any code that calls to signature functions in your project.
+- If you previously integrated Signature v2, remove the Signature v2 library from your project.
### Updating the Signature Library {#updating-the-signature-library}
To update the Adjust Signature library, replace the existing Signature library with a new version and rerun your tests. You don't need to make any immediate changes to your app logic or settings in Adjust as long as your [certificates are configured and haven't been altered](https://help.adjust.com/en/article/sdk-signature#manage-your-certificate-fingerprints). Remember to [deactivate your secret IDs if they meet the following criteria](https://help.adjust.com/en/article/sdk-signature#manage-your-secret-ids):
-- They're no longer contributing to your install reporting.
-- You've fully released a new version of your app (across all app platforms and stores).
+- They're no longer contributing to your install reporting.
+- You've fully released a new version of your app (across all app platforms and stores).
## Integrate the signature library (SDK v4 only) {#integrate-the-signature-library}
@@ -96,122 +96,14 @@ The Signature library can’t verify the authenticity of your certificate finger
You must add the fingerprints of your signing certificates to the allowlist. If no fingerprints are added to the allowlist, traffic from your app can be spoofed.
-
-
-#### From a keystore {#from-a-keystore}
-
-If you use your own keystore, or if Android Studio generated a keystore for you, you can retrieve the certificate fingerprint by following these steps:
-
-1. Find the keystore file (`.jks`) you used to sign **the release version of your app**. The keystore must be the one you used to sign the release version sent to the Google Play Store. If the keystore is different, your SDK requests will be rejected.
-2. Run the following command to list your keys. Replace the parts in angle brackets with your information.
-
- ```console
- $ keytool -list -v -keystore -alias
- ```
-
- This command prompts you for your keystore password. This is the password you defined when you generated the keystore.
-
- The final output looks like this:
-
- ```text
- Alias name: Key0
- Creation date: May 15, 2018
- Entry type: PrivateKeyEntry
- Certificate chain length: 1
- Certificate[1]:
- Owner: CN=[Adjust, GmbH.]
- Issuer: CN=[Adjust, GmbH.]
- Serial number: 642f1b62
- Valid from: Tue May 15 09:46:06 CEST 2018 until: Sat May 09
- 09:46:06 CEST 2043
- Certificate fingerprints:
- MD5: E7:88:9F:8C:9D:F4:14:C1:CF:E8:4C:97:F3:F2:3A:E3
- SHA1:
- C4:BD:07:91:BC:09:F8:B6:15:CD:BC:A3:3F:BC:68:8B:C2:EF:4F:F5
- SHA256:
- 55:FB:97:0F:46:0F:94:EC:07:EA:01:69:50:5A:20:3F:A0:91:60:A4:F
- 1:33:58:EA:76:DC:54:9E:A7:6A:B9:1A
- Signature algorithm name: SHA256withRSA
- Subject Public Key Algorithm: 2048-bit RSA key
- Version: 3
- ```
-
-3. Save the SHA-1 fingerprint to [add to your allowlist in the Adjust Suite](#add-your-digital-certificate-fingerprints-to-adjusts-allowlist).
-
-#### From Google Play Internal App Sharing {#from-google-play-internal-app-sharing}
-
-If you use [Google Play Internal App Sharing](https://support.google.com/googleplay/android-developer/answer/9303479?hl=en), you need to send both your organization’s SHA-1 certificate fingerprint and your Internal test certificate fingerprint to Adjust for allowlisting.
-
-To extract the fingerprints:
-
-1. Navigate to the Google Play Console and log in.
-2. Select your app.
-3. Select **Release Management --> App Releases --> Manage internal app sharing > App certificates**.
-4. Save the **SHA-1 certificate fingerprint** for both the **Internal test certificate** and your organization’s keystore to [add to your allowlist in the Adjust Suite](#add-your-digital-certificate-fingerprints-to-adjusts-allowlist).
-
-
-
-#### From Google Play App Signing {#from-google-play-app-signing}
-
-If you use [Google Play App Signing](https://support.google.com/googleplay/android-developer/answer/7384423?hl=en), you need to send both your organization’s SHA-1 certificate fingerprint and your Internal test certificate fingerprint to Adjust for allowlisting.
-
-To extract the fingerprints:
-
-1. Navigate to the Google Play Console and log in.
-2. Select your app.
-3. Select **Release Management > App Signing**.
-4. Save the **SHA-1 certificate fingerprint** for both the **App signing certificate** and **Upload certificate** to send to Adjust.
-
-
-
-#### From Huawei AppGallery App Signing {#from-huawei-appgallery-app-signing}
-
-If you use Huawei AppGallery App Signing, you need to send both your organization’s SHA-1 certificate fingerprint and your Internal test certificate fingerprint to Adjust for allowlisting.
-
-
-
-If you use your own signing certificate with Huawei AppGallery, follow the [instructions for retrieving your certificate fingerprint from a keystore](#from-a-keystore).
-
-
-
-To extract the fingerprints:
-
-1. Navigate to the App Signing page in AppGallery Connect and download the App signing certificate (`certificate.pem`).
-
-
-
-2. Once you’ve downloaded the certificate, run the following command to output the SHA-1 fingerprint of the certificate.
-
- ```console
- $ openssl x509 -fingerprint -in certificate.pem -noout -SHA1
- ```
-
- The output looks like this:
-
- ```text
- SHA1 Fingerprint=C4:BD:07:91:BC:09:F8:B6:15:CD:BC:A3:3F:BC:68:8B:C2:EF:4F:F5
- ```
-
-3. Save the fingerprint to [add to your allowlist in the Adjust Suite](#add-your-digital-certificate-fingerprints-to-adjusts-allowlist)..
-
-### Add your digital certificate fingerprints to Adjust’s allowlist {#add-your-digital-certificate-fingerprints-to-adjust-s-allowlist}
-
-
-
Remember to add all certificate fingerprints you want to use to the Adjust suite. This might include debug versions and versions for different stores.
-Once you’ve obtained your certificate fingerprints, do the following to add them to your allowlist:
-
-1. Select your app in AppView to open the app details screen.
-2. Select the **Protection** tab.
-3. Select the **Edit** button on the **Suspicious installs** section.
-4. Under the **Android fingerprinting** section, select **New fingerprint**.
-5. Paste the SHA-1 fingerprint into the text box that appears.
-6. Select **Add**.
+Follow these steps to retrieve and configure your certificate fingerprints:
-That’s it! Your fingerprint is now allowlisted for your app.
+1. [Retrieve Android certificate fingerprints](/en/sdk/android/integrations/retrieve-certificate-fingerprints)
+2. [Configure them in the Adjust dashboard](https://help.adjust.com/en/article/sdk-signature#add-signatures-in-the-adjust-suite)
## Test your app {#test-your-app}
diff --git a/src/images/sig-v3/google-play-app-signing.png b/src/images/sig-v3/google-play-app-signing.png
new file mode 100644
index 0000000000..6da45e20bd
Binary files /dev/null and b/src/images/sig-v3/google-play-app-signing.png differ
diff --git a/src/images/sig-v3/google-play-internal-app-sharing.png b/src/images/sig-v3/google-play-internal-app-sharing.png
new file mode 100644
index 0000000000..5692661aeb
Binary files /dev/null and b/src/images/sig-v3/google-play-internal-app-sharing.png differ
diff --git a/src/images/sig-v3/google-play-upload.png b/src/images/sig-v3/google-play-upload.png
new file mode 100644
index 0000000000..5267d6b4e8
Binary files /dev/null and b/src/images/sig-v3/google-play-upload.png differ
diff --git a/src/images/sig-v3/huawei-sha1.png b/src/images/sig-v3/huawei-sha1.png
new file mode 100644
index 0000000000..348e1e6bd5
Binary files /dev/null and b/src/images/sig-v3/huawei-sha1.png differ
diff --git a/src/images/sig-v3/huawei-sha256.png b/src/images/sig-v3/huawei-sha256.png
new file mode 100644
index 0000000000..5dd183df8a
Binary files /dev/null and b/src/images/sig-v3/huawei-sha256.png differ