finish android task suite

android/docs/play-console-checklist.md

@@ -0,0 +1,192 @@
+# Play Console Release Checklist
+
+Track all Play Console configuration items for Kordant release.
+
+## Phase 1: Preparation
+
+### Keystore & Signing
+- [ ] Generate release keystore (`./scripts/generate-release-key.sh`)
+- [ ] Back up keystore to password manager
+- [ ] Back up keystore to offline secure storage
+- [ ] Create `key.properties` from template
+- [ ] Verify `key.properties` is in `.gitignore`
+- [ ] Test signed build: `./gradlew bundleProdRelease`
+- [ ] Verify R8 obfuscation: check mapping.txt in build outputs
+
+### App Assets
+- [ ] App icon (512×512 PNG, non-transparent)
+- [ ] Feature graphic (1024×500, JPG or PNG)
+- [ ] Phone screenshots (2-8, 16:9 or 9:16)
+- [ ] Tablet screenshots (2-8, if supporting tablets)
+- [ ] Promo video (optional, 30-120 seconds)
+- [ ] Privacy policy URL live and accessible
+- [ ] Terms of service URL live and accessible
+
+### Certificate Pins
+- [ ] Replace placeholder pins in `network_security_config.xml`
+- [ ] Extract production cert hash:
+  ```bash
+  echo | openssl s_client -connect api.kordant.com:443 -servername api.kordant.com 2>/dev/null \
+    | openssl x509 -pubkey -noout \
+    | openssl pkey -pubin -outform der 2>/dev/null \
+    | openssl dgst -sha256 -binary \
+    | openssl enc -base64
+  ```
+- [ ] Add backup pin for rotation
+
+---
+
+## Phase 2: Play Console Setup
+
+### App Creation
+- [ ] Create app in Play Console
+- [ ] App name: Kordant
+- [ ] Default language: English (US)
+- [ ] Type: App
+- [ ] Pricing: Free
+
+### App Signing
+- [ ] Upload upload key certificate
+- [ ] Enable Google Play App Signing
+- [ ] Download and backup the Google-managed app signing key
+- [ ] Record SHA-256 fingerprint for Firebase/Google Sign-In
+
+### Default App Information
+- [ ] Contact email: support@kordant.ai
+- [ ] Website: https://kordant.ai
+- [ ] Privacy policy URL: https://kordant.ai/privacy
+
+---
+
+## Phase 3: Store Listing
+
+### Main Store Listing
+- [ ] Title: Kordant
+- [ ] Short description (80 chars)
+- [ ] Full description (4000 chars)
+- [ ] Category: Tools
+- [ ] App icon uploaded
+- [ ] Feature graphic uploaded
+- [ ] Phone screenshots uploaded
+- [ ] Tablet screenshots uploaded (if applicable)
+
+### Localization
+- [ ] English (US) — default
+- [ ] Additional languages (plan for later)
+
+---
+
+## Phase 4: Distribution
+
+### Pricing & Distribution
+- [ ] Price: Free
+- [ ] Countries: Select target markets
+- [ ] Age rating: Complete IARC questionnaire
+
+### Content Rating (IARC)
+- [ ] In-Game Purchases: Yes (subscriptions)
+- [ ] Users Interact: Yes
+- [ ] Shares Info: Yes
+- [ ] All other content questions answered
+- [ ] Expected rating: Everyone or Everyone 10+
+
+### Data Safety Form
+- [ ] Data types declared
+- [ ] Collection purposes explained
+- [ ] Data sharing disclosed
+- [ ] Encryption practices documented
+- [ ] Data deletion option described
+
+---
+
+## Phase 5: Testing
+
+### Internal Testing Track
+- [ ] Internal testing track created
+- [ ] Testers added (minimum 20)
+- [ ] Testers accepted invitations
+- [ ] First AAB uploaded
+- [ ] AAB processing complete
+- [ ] Testers can install from testing link
+- [ ] App functions correctly on test devices
+
+### Firebase Test Lab
+- [ ] Robo tests passing on Pixel 6
+- [ ] Robo tests passing on Samsung Galaxy S21
+- [ ] Robo tests passing on Xiaomi Redmi
+- [ ] Instrumentation tests passing on all devices
+- [ ] No crashes across device matrix
+- [ ] Cold start under 1.5s on Pixel 6
+
+---
+
+## Phase 6: Monetization (if applicable)
+
+### Subscriptions
+- [ ] Pro Monthly (`pro_monthly`)
+- [ ] Pro Annual (`pro_annual`)
+- [ ] Family Monthly (`family_monthly`)
+- [ ] Family Annual (`family_annual`)
+
+### Managed Products
+- [ ] Single Scan (`single_scan`)
+- [ ] Removal Pack (`removal_pack`)
+
+### Promo Codes
+- [ ] Internal testing codes generated
+- [ ] Beta tester codes generated
+
+---
+
+## Phase 7: Security & Integrity
+
+### Play Integrity API
+- [ ] Play Integrity enabled in Play Console
+- [ ] `PlayIntegrityManager` integrated in app
+- [ ] Server-side verification configured
+- [ ] Nonce-based replay protection implemented
+
+### App Integrity
+- [ ] Certificate pinning active (real hashes)
+- [ ] Root detection blocking/degrading gracefully
+- [ ] EncryptedSharedPreferences for sensitive data
+- [ ] Network security config blocks cleartext
+- [ ] Backup disabled (`android:allowBackup="false"`)
+
+---
+
+## Phase 8: Pre-Release Verification
+
+### Build Verification
+- [ ] Release build: `./gradlew bundleProdRelease`
+- [ ] No R8/ProGuard crashes
+- [ ] All TRPC endpoints functional
+- [ ] Google Sign-In working with production SHA-256
+- [ ] FCM push notifications working
+- [ ] Deep links routing correctly
+- [ ] Offline queue resolving sync conflicts
+- [ ] Token refresh working silently
+
+### Play Console Verification
+- [ ] All sections show green/complete
+- [ ] No policy violations
+- [ ] Store listing preview looks correct
+- [ ] All screenshots display properly
+- [ ] Feature graphic displays correctly
+
+### Final Checks
+- [ ] Version code incremented
+- [ ] Version name updated
+- [ ] Release notes written
+- [ ] ProGuard mapping.txt saved
+- [ ] Keystore backed up
+
+---
+
+## Notes
+
+- **Keystore**: If lost, you can still upload new versions with a new key, but existing users won't be able to update. Google Play App Signing mitigates this risk.
+- **Version codes**: Must be strictly increasing. Never reuse a versionCode.
+- **Processing time**: AAB processing can take 10-30 minutes after upload.
+- **Review time**: First-time app review can take up to 7 days. Subsequent updates are faster.
+- **Internal testing**: Fastest distribution method. Testers get immediate access after rollout.