Godot Version
4.4.1
Question
I'm currently in Quest encryption hell. Anyone done this before for the Quest? It seems different than other platforms because of weird permissions on the quest.
So I’ve followed the docs for encryption.
ref: Compiling with PCK encryption key — Godot Engine (4.4) documentation in English
So I followed the warning at the top first to encrypt the godot android templates with the environment variable: SCRIPT_AES256_ENCRYPTION_KEY and scons it produces the corresponding *.so files.
Then after gradlew I have lovely debug and release apks.
What’s strange is that the editor does not expose the custom templates variables. I see these guys in the export_presets.cfg
➜ drone_game git:(main) ✗ ag custom_template export_presets.cfg
23:custom_template/debug=""
24:custom_template/release=""
But if I edit them, the editor clears them out, so for the moment I found the 4.4.1 stable debug/release templates and overwrote them with my compiled godot templates.
It compiles fine, but not sure if this is the way.
I followed the doc which says to enable apk expansion. This is kinda weird because it requires entering a dummy public key which I guess is only used for the google play store? At any rate I’ve done that as well.
I then entered my encryption key in the encryption tab and entered *.* for all of the files.
It does indeed barf out an obb and an apk if I export from this window.
When I try to sideload the sucker directly from the main editor window the game just spins forever. I also noticed that if I run it on the quest, (using adb shell) it doesn’t put the obb file over on the quest. I did this manually with the shell user into the correct place (based upon where the Quest puts the obb as a release beta downloading it from them):
adb push main.17.com.waterceiling.debug.aerial_zordnance_unit.obb /sdcard/Android/obb/com.waterceiling.aerial_zordnance_unit/
But in looking at the permissions when I do this manually through adb they aren’t correct.
To debug further I thought it was just a permissions issue so I uploaded a release binary and corresponding obb to quest’s store and downloaded it. It installed the apk correctly and the obb with correct permissions. Compare below the owner of my game to a test directory I created with the shell user:
drwxrws--- 2 u0_a205 ext_obb_rw 4096 2025-10-27 14:28 com.waterceiling.aerial_zordnance_unit
drwxrws--x 2 shell ext_obb_rw 4096 2025-10-27 15:03 poop
But, even with the correct permissions my game just spins and never loads and logcat doesn’t give me anything helpful.
So my question is for someone who has gotten this encryption working specifically on the Quest since their permissions are different than a regular Android phone since version 12+ I guess? Should this encryption work when I run an export to my quest in the Editor? Like I said, it never installs the obb automatically.
Also, it wasn’t clear from the docs, but should I also be replacing the android_source.zip template as well? or is it sufficient to simply replace my release and debug apks?
➜ 4.4.1.stable ls android_*
android_debug.apk android_release.apk android_source.zip
I know that was a lot. Please let me know if you need additional information.
One last comment about things I’ve checked:
- apk correctly has _cl_ which are the saved commandline args to invoke expansion pack insertion
- logcat doesn’t show any encryption errors which I’d expect if things were going haywire with wrong keys, etc.
- obb is definitely encrypted and has all of the assets
- added read external storage permissions in export options
- deleted my android/build and reinstalled using the new android_source.zip that I compiled no dice
- tonight I’m going to just go through the godot source and spam logcat so I can see exactly where we die…
this guy 