# Play Console Release Checklist Track all Play Console configuration items for Kordant release. ## Phase 1: Preparation ### Keystore & Signing - [ ] Generate release keystore (`./scripts/generate-release-key.sh`) - [ ] Back up keystore to password manager - [ ] Back up keystore to offline secure storage - [ ] Create `key.properties` from template - [ ] Verify `key.properties` is in `.gitignore` - [ ] Test signed build: `./gradlew bundleProdRelease` - [ ] Verify R8 obfuscation: check mapping.txt in build outputs ### App Assets - [ ] App icon (512×512 PNG, non-transparent) - [ ] Feature graphic (1024×500, JPG or PNG) - [ ] Phone screenshots (2-8, 16:9 or 9:16) - [ ] Tablet screenshots (2-8, if supporting tablets) - [ ] Promo video (optional, 30-120 seconds) - [ ] Privacy policy URL live and accessible - [ ] Terms of service URL live and accessible ### Certificate Pins - [ ] Replace placeholder pins in `network_security_config.xml` - [ ] Extract production cert hash: ```bash echo | openssl s_client -connect api.kordant.com:443 -servername api.kordant.com 2>/dev/null \ | openssl x509 -pubkey -noout \ | openssl pkey -pubin -outform der 2>/dev/null \ | openssl dgst -sha256 -binary \ | openssl enc -base64 ``` - [ ] Add backup pin for rotation --- ## Phase 2: Play Console Setup ### App Creation - [ ] Create app in Play Console - [ ] App name: Kordant - [ ] Default language: English (US) - [ ] Type: App - [ ] Pricing: Free ### App Signing - [ ] Upload upload key certificate - [ ] Enable Google Play App Signing - [ ] Download and backup the Google-managed app signing key - [ ] Record SHA-256 fingerprint for Firebase/Google Sign-In ### Default App Information - [ ] Contact email: support@kordant.ai - [ ] Website: https://kordant.ai - [ ] Privacy policy URL: https://kordant.ai/privacy --- ## Phase 3: Store Listing ### Main Store Listing - [ ] Title: Kordant - [ ] Short description (80 chars) - [ ] Full description (4000 chars) - [ ] Category: Tools - [ ] App icon uploaded - [ ] Feature graphic uploaded - [ ] Phone screenshots uploaded - [ ] Tablet screenshots uploaded (if applicable) ### Localization - [ ] English (US) — default - [ ] Additional languages (plan for later) --- ## Phase 4: Distribution ### Pricing & Distribution - [ ] Price: Free - [ ] Countries: Select target markets - [ ] Age rating: Complete IARC questionnaire ### Content Rating (IARC) - [ ] In-Game Purchases: Yes (subscriptions) - [ ] Users Interact: Yes - [ ] Shares Info: Yes - [ ] All other content questions answered - [ ] Expected rating: Everyone or Everyone 10+ ### Data Safety Form - [ ] Data types declared - [ ] Collection purposes explained - [ ] Data sharing disclosed - [ ] Encryption practices documented - [ ] Data deletion option described --- ## Phase 5: Testing ### Internal Testing Track - [ ] Internal testing track created - [ ] Testers added (minimum 20) - [ ] Testers accepted invitations - [ ] First AAB uploaded - [ ] AAB processing complete - [ ] Testers can install from testing link - [ ] App functions correctly on test devices ### Firebase Test Lab - [ ] Robo tests passing on Pixel 6 - [ ] Robo tests passing on Samsung Galaxy S21 - [ ] Robo tests passing on Xiaomi Redmi - [ ] Instrumentation tests passing on all devices - [ ] No crashes across device matrix - [ ] Cold start under 1.5s on Pixel 6 --- ## Phase 6: Monetization (if applicable) ### Subscriptions - [ ] Pro Monthly (`pro_monthly`) - [ ] Pro Annual (`pro_annual`) - [ ] Family Monthly (`family_monthly`) - [ ] Family Annual (`family_annual`) ### Managed Products - [ ] Single Scan (`single_scan`) - [ ] Removal Pack (`removal_pack`) ### Promo Codes - [ ] Internal testing codes generated - [ ] Beta tester codes generated --- ## Phase 7: Security & Integrity ### Play Integrity API - [ ] Play Integrity enabled in Play Console - [ ] `PlayIntegrityManager` integrated in app - [ ] Server-side verification configured - [ ] Nonce-based replay protection implemented ### App Integrity - [ ] Certificate pinning active (real hashes) - [ ] Root detection blocking/degrading gracefully - [ ] EncryptedSharedPreferences for sensitive data - [ ] Network security config blocks cleartext - [ ] Backup disabled (`android:allowBackup="false"`) --- ## Phase 8: Pre-Release Verification ### Build Verification - [ ] Release build: `./gradlew bundleProdRelease` - [ ] No R8/ProGuard crashes - [ ] All TRPC endpoints functional - [ ] Google Sign-In working with production SHA-256 - [ ] FCM push notifications working - [ ] Deep links routing correctly - [ ] Offline queue resolving sync conflicts - [ ] Token refresh working silently ### Play Console Verification - [ ] All sections show green/complete - [ ] No policy violations - [ ] Store listing preview looks correct - [ ] All screenshots display properly - [ ] Feature graphic displays correctly ### Final Checks - [ ] Version code incremented - [ ] Version name updated - [ ] Release notes written - [ ] ProGuard mapping.txt saved - [ ] Keystore backed up --- ## Notes - **Keystore**: If lost, you can still upload new versions with a new key, but existing users won't be able to update. Google Play App Signing mitigates this risk. - **Version codes**: Must be strictly increasing. Never reuse a versionCode. - **Processing time**: AAB processing can take 10-30 minutes after upload. - **Review time**: First-time app review can take up to 7 days. Subsequent updates are faster. - **Internal testing**: Fastest distribution method. Testers get immediate access after rollout.