Clarification about APK signature scheme v3, v3.1 proof of rotation


We are blocked on releasing an update to our app because of an error related to a failed "proof of rotation" when trying to release our app on the Play Store.

Here is the exact error message for reference - "There is a previous APK signed with key rotation, but this release introduces an upgrade path to an APK with version code which does not include the same certificates in its proof-of-rotation".

We recently started using APK Signature scheme v3.1 and think that the error is related to the new verification scheme. We are trying to make sense of the documentation and came across this section which explains the v3 Signature scheme block format. It mentions the following: "APK Signature Scheme v3 Block is stored inside the APK Signing Block under ID 0xf05368c0". What is the ID 0xf05368c0 referring to here? Is this a memory address? How is this information valuable to developers? We were hoping this could help us identify the missing certificates in the proof-of-rotation.

The proof-of-rotation explanation also mentions that it looks for previous signing certificates used to sign our app. We were signing our app ourselves for a long time before switching to Play App Signing (around 5 years ago). Our app has 23 major previous releases. Are we expected to include every certificate that we have ever used in the past 8+ years?

We would really appreciate any ideas to deal with this issue.

We have tried resetting our upload key, etc., based on feedback from Google support, but that doesn't make any difference because the issue seems to be related to the certificate itself.

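The documentation sentence quoted in the question refers to the APK Signing Block, a container of ID-value pairs placed just before the ZIP central directory, in which 0xf05368c0 is the key of the pair holding the v3 data. The following is an added example, not part of the original post: the function names and the sample file are constructed here, and the v2 (0x7109871a) and v3.1 (0x1b93ad61) IDs come from the Android signature scheme documentation rather than from this page.

```python
import struct

MAGIC = b"APK Sig Block 42"
# IDs of the pairs defined by the Android APK signature scheme documentation.
KNOWN_IDS = {
    0x7109871A: "APK Signature Scheme v2 Block",
    0xF05368C0: "APK Signature Scheme v3 Block",
    0x1B93AD61: "APK Signature Scheme v3.1 Block",
}

def list_signing_block_ids(apk: bytes):
    """Return [(id, name, value_length)] for each pair in the APK Signing Block."""
    eocd = apk.rfind(b"PK\x05\x06")  # ZIP End of Central Directory record
    if eocd < 0 or eocd + 22 > len(apk):
        raise ValueError("not a ZIP file")
    (cd_offset,) = struct.unpack_from("<I", apk, eocd + 16)
    # The block ends right where the central directory starts.
    if cd_offset < 32 or apk[cd_offset - 16:cd_offset] != MAGIC:
        raise ValueError("no APK Signing Block before the central directory")
    (size,) = struct.unpack_from("<Q", apk, cd_offset - 24)
    start = cd_offset - size - 8  # size excludes the leading size field
    if start < 0 or struct.unpack_from("<Q", apk, start)[0] != size:
        raise ValueError("leading and trailing size fields disagree")
    pos, end, pairs = start + 8, cd_offset - 24, []
    while pos < end:
        if pos + 12 > end:
            raise ValueError("truncated ID-value pair header")
        (length,) = struct.unpack_from("<Q", apk, pos)  # covers ID + value
        if length < 4 or pos + 8 + length > end:
            raise ValueError("ID-value pair overruns the block")
        (block_id,) = struct.unpack_from("<I", apk, pos + 8)
        pairs.append((block_id, KNOWN_IDS.get(block_id, "unknown"), length - 4))
        pos += 8 + length
    return pairs

def build_sample(pairs):
    """Constructed input: placeholder entries, signing block, empty central directory."""
    body = b"".join(struct.pack("<QI", 4 + len(v), i) + v for i, v in pairs)
    size = len(body) + 24  # pairs + trailing size field + magic
    block = struct.pack("<Q", size) + body + struct.pack("<Q", size) + MAGIC
    entries = b"\x00" * 64
    eocd = struct.pack("<IHHHHIIH", 0x06054B50, 0, 0, 0, 0, 0,
                       len(entries) + len(block), 0)
    return entries + block + eocd

if __name__ == "__main__":
    sample = build_sample([(0xF05368C0, b"v3-signers"), (0x1B93AD61, b"v31")])
    for block_id, name, n in list_signing_block_ids(sample):
        print(f"0x{block_id:08x}  {name}  ({n} bytes)")
```

Run against a real APK's bytes, the listing shows which scheme blocks the file carries; it does not decode the signer data or the proof-of-rotation structure inside the v3 value.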