Understand key management

What does the above really mean ?

Key Store vs Key

A key store (.jks) is a storage of multiple keys.

A key store is encrypted by a password.

Each key in key store has a name (ie. Alias in this screenshot) and it has its own password also.

Key is private key. It has also a certificated (public key) with certificate information.

Upload key vs App signing key

Android Studio sign the AAB (Android App Bundle) with the above key during generation of release\myapp.abb.

It's the "Uploading key". Google store extract and keep the certificate of this upload key when uploading the first release.

All subsequent release must be signed by the same upload key. It's possible to change the uploading key but it has to go through the Google play support which is not annoyed. So don't lose your uploading key.

After checking that AAB was signed by correct uploading key, Google Play process the ABB to generate optimized APKs and sign them with App Signing Key. This app signing key is generated by Google Play and kept by Google Play.

The mobile device checks the Apk with the app signing key certificate when updating to new version of app.

The process allows dev the possibility to change the uploading key without changing the signing key.

Google Play console explains it as below