# Android Production Readiness

Objective: Prepare the Jetpack Compose Android application for Google Play Store submission with hardened security, optimized performance, comprehensive testing, and full native feature integration.

Status legend: [ ] todo, [~] in-progress, [x] done

## Tasks

### Play Store Preparation
- [x] 01 — Play Store Listing Assets → `01-play-store-assets.md`
- [x] 02 — Feature Graphic & Promo Video → `02-feature-graphic.md`
- [x] 03 — Play Console Configuration → `03-play-console.md`
- [x] 04 — Internal Testing Track → `04-internal-testing.md`

### Security Hardening
- [x] 05 — Certificate Pinning & Network Security Config → `05-cert-pinning.md`
- [x] 06 — Root Detection & Obfuscation (R8/ProGuard) → `06-root-detection.md`
- [x] 07 — Encrypted SharedPreferences & DataStore Audit → `07-encrypted-storage.md`
- [x] 08 — OAuth & Social Login Integration → `08-oauth-social-login.md`

### Performance Optimization
- [x] 09 — Image Caching & Coil Optimization → `09-image-caching.md`
- [x] 10 — Pagination & List Performance → `10-pagination-lists.md`
- [x] 11 — Background Sync & WorkManager Optimization → `11-background-sync.md`
- [x] 12 — App Startup Time & ANR Prevention → `12-startup-anr.md`

### Native Features
- [x] 13 — Call Screening Service Production Hardening → `13-call-screening.md`
- [x] 14 — Notification Channels & Rich Notifications → `14-notifications.md`
- [x] 15 — App Shortcuts & Widgets → `15-shortcuts-widgets.md`
- [x] 16 — App Actions & Slices → `16-app-actions.md`

### Testing & QA
- [x] 17 — UI Test Suite (Compose Testing) → `17-ui-test-suite.md`
- [x] 18 — Screenshot Testing (Paparazzi) → `18-screenshot-testing.md`
- [x] 19 — Accessibility Audit (TalkBack) → `19-accessibility-audit.md`
- [x] 20 — Firebase Test Lab Integration → `20-firebase-test-lab.md`

### Backend Integration
- [x] 21 — Real API Client Verification & Wire-up → `21-api-verification.md`
- [x] 22 — Token Refresh & Session Management → `22-token-refresh.md`
- [x] 23 — Offline Sync & Conflict Resolution → `23-offline-sync.md`
- [x] 24 — FCM Push Notification Deep Linking → `24-fcm-deep-links.md`

### Play Store Compliance
- [x] 25 — Privacy Policy & Data Safety Form → `25-privacy-data-safety.md`
- [x] 26 — Permissions Justification & Declarations → `26-permissions.md`
- [x] 27 — Target API Level & Policy Compliance → `27-target-api-compliance.md`
- [x] 28 — Content Rating & Regional Compliance → `28-content-rating.md`

## Dependencies
- 01, 02, 03, 04 can be done in parallel (Play Store prep)
- 05, 06, 07, 08 can be done in parallel (security)
- 09, 10, 11, 12 can be done in parallel (performance)
- 13, 14, 15, 16 can be done in parallel (native features)
- 17, 18, 19, 20 can be done in parallel (testing)
- 21 must be done before 22, 23, 24 (backend integration foundation)
- 22, 23, 24 depend on 21
- 25, 26, 27, 28 can be done in parallel (compliance)
- All groups can proceed independently

## Exit Criteria
- Play Store listing complete with screenshots for phone, tablet, and foldable
- Feature graphic and promo video uploaded
- Internal testing track active with 20+ testers
- Certificate pinning active with network_security_config.xml
- Root detection blocking app usage or degrading gracefully
- R8/ProGuard enabled with release build shrinking and obfuscation
- EncryptedSharedPreferences used for all sensitive data
- OAuth and social login working (Google Sign-In)
- Coil image cache configured with 100MB disk limit
- All lists paginated with lazy loading (no ANRs on large datasets)
- WorkManager syncing every 15 minutes with battery optimization
- Cold start under 1.5 seconds on Pixel 6
- Call screening service filtering calls with <100ms latency
- Notification channels configured for alerts, marketing, and system
- App shortcuts for dashboard, alerts, and new scan
- Home screen widget showing threat score
- UI tests covering auth flow, dashboard navigation, and service screens
- Screenshot tests catching UI regressions on PR
- TalkBack labels on all interactive elements
- Firebase Test Lab tests passing on Pixel, Samsung, and Xiaomi devices
- All TRPC endpoints verified against backend contract
- Token refresh working silently without user interruption
- Offline queue resolving sync conflicts with server-wins strategy
- FCM deep links routing to correct screens with cold start
- Data safety form accurately declaring all collected data types
- All permissions justified with in-app rationale dialogs
- Target API level 36 with no deprecated API usage
- Content rating questionnaire completed accurately