Kordant/android/docs/play-console-checklist.md

# Play Console Release Checklist
Track all Play Console configuration items for Kordant release.
## Phase 1: Preparation
### Keystore & Signing
- [ ] Generate release keystore (`./scripts/generate-release-key.sh`)
- [ ] Back up keystore to password manager
- [ ] Back up keystore to offline secure storage
- [ ] Create `key.properties` from template
- [ ] Verify `key.properties` is in `.gitignore`
- [ ] Test signed build: `./gradlew bundleProdRelease`
- [ ] Verify R8 obfuscation: check mapping.txt in build outputs
### App Assets
- [ ] App icon (512×512 PNG, non-transparent)
- [ ] Feature graphic (1024×500, JPG or PNG)
- [ ] Phone screenshots (2-8, 16:9 or 9:16)
- [ ] Tablet screenshots (2-8, if supporting tablets)
- [ ] Promo video (optional, 30-120 seconds)
- [ ] Privacy policy URL live and accessible
- [ ] Terms of service URL live and accessible
### Certificate Pins
- [ ] Replace placeholder pins in `network_security_config.xml`
- [ ] Extract production cert hash:
```bash
echo | openssl s_client -connect api.kordant.com:443 -servername api.kordant.com 2>/dev/null \
| openssl x509 -pubkey -noout \
| openssl pkey -pubin -outform der 2>/dev/null \
| openssl dgst -sha256 -binary \
| openssl enc -base64
```
- [ ] Add backup pin for rotation
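
A pre-release check for the three pin items above, as an added example that is not part of the Kordant repository: it parses a `network_security_config.xml` and reports malformed, placeholder or missing-backup pins for the pinned host, plus any cleartext allowance. The sample config and pin values are constructed, and treating a digest made of one repeated byte as a "placeholder" is an assumption, since the checklist does not show what the placeholders look like.

```python
import base64
import binascii
import hashlib
import xml.etree.ElementTree as ET

# Constructed sample config; only the host name comes from the checklist.
CONFIG_TEMPLATE = """<network-security-config>
  <base-config cleartextTrafficPermitted="false" />
  <domain-config>
    <domain includeSubdomains="false">api.kordant.com</domain>
    <pin-set>{pins}</pin-set>
  </domain-config>
</network-security-config>"""

def sample_pin(seed):
    """Constructed stand-in for a real SPKI pin: base64(SHA-256(seed))."""
    return base64.b64encode(hashlib.sha256(seed).digest()).decode()

def make_config(pins):
    """Build a sample config holding the given pin strings."""
    body = "".join(f'<pin digest="SHA-256">{p}</pin>' for p in pins)
    return CONFIG_TEMPLATE.format(pins=body)

def audit_config(xml_text, host):
    """Return findings for `host`; an empty list means every check passed."""
    root = ET.fromstring(xml_text)
    findings = []
    if any(e.get("cleartextTrafficPermitted") == "true" for e in root.iter()):
        findings.append("cleartext traffic is permitted")
    # Exact host match only; includeSubdomains is not evaluated here.
    pins = [p for dc in root.iter("domain-config")
            if any((d.text or "").strip() == host for d in dc.findall("domain"))
            for p in dc.findall("pin-set/pin")]
    usable = set()
    for p in pins:
        value = (p.text or "").strip()
        try:
            raw = base64.b64decode(value, validate=True)
        except (binascii.Error, ValueError):
            raw = b""
        if p.get("digest") != "SHA-256" or len(raw) != 32:
            findings.append(f"malformed pin: {value!r}")
        elif len(set(raw)) == 1:  # assumption: a placeholder is one repeated byte
            findings.append(f"placeholder pin: {value!r}")
        else:
            usable.add(raw)
    if len(usable) < 2:
        findings.append(f"{len(usable)} usable pin(s) for {host}; need primary + backup")
    return findings
```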
---
## Phase 2: Play Console Setup
### App Creation
- [ ] Create app in Play Console
- [ ] App name: Kordant
- [ ] Default language: English (US)
- [ ] Type: App
- [ ] Pricing: Free
### App Signing
- [ ] Upload the upload key certificate
- [ ] Enable Google Play App Signing
- [ ] Download and back up the Google-managed app signing key
- [ ] Record SHA-256 fingerprint for Firebase/Google Sign-In
### Default App Information
- [ ] Contact email: support@kordant.ai
- [ ] Website: https://kordant.ai
- [ ] Privacy policy URL: https://kordant.ai/privacy
---
## Phase 3: Store Listing
### Main Store Listing
- [ ] Title: Kordant
- [ ] Short description (80 chars)
- [ ] Full description (4000 chars)
- [ ] Category: Tools
- [ ] App icon uploaded
- [ ] Feature graphic uploaded
- [ ] Phone screenshots uploaded
- [ ] Tablet screenshots uploaded (if applicable)
### Localization
- [ ] English (US) — default
- [ ] Additional languages (plan for later)
---
## Phase 4: Distribution
### Pricing & Distribution
- [ ] Price: Free
- [ ] Countries: Select target markets
- [ ] Age rating: Complete IARC questionnaire
### Content Rating (IARC)
- [ ] In-Game Purchases: Yes (subscriptions)
- [ ] Users Interact: Yes
- [ ] Shares Info: Yes
- [ ] All other content questions answered
- [ ] Expected rating: Everyone or Everyone 10+
### Data Safety Form
- [ ] Data types declared
- [ ] Collection purposes explained
- [ ] Data sharing disclosed
- [ ] Encryption practices documented
- [ ] Data deletion option described
---
## Phase 5: Testing
### Internal Testing Track
- [ ] Internal testing track created
- [ ] Testers added (minimum 20)
- [ ] Testers accepted invitations
- [ ] First AAB uploaded
- [ ] AAB processing complete
- [ ] Testers can install from testing link
- [ ] App functions correctly on test devices
### Firebase Test Lab
- [ ] Robo tests passing on Pixel 6
- [ ] Robo tests passing on Samsung Galaxy S21
- [ ] Robo tests passing on Xiaomi Redmi
- [ ] Instrumentation tests passing on all devices
- [ ] No crashes across device matrix
- [ ] Cold start under 1.5s on Pixel 6
---
## Phase 6: Monetization (if applicable)
### Subscriptions
- [ ] Pro Monthly (`pro_monthly`)
- [ ] Pro Annual (`pro_annual`)
- [ ] Family Monthly (`family_monthly`)
- [ ] Family Annual (`family_annual`)
### Managed Products
- [ ] Single Scan (`single_scan`)
- [ ] Removal Pack (`removal_pack`)
### Promo Codes
- [ ] Internal testing codes generated
- [ ] Beta tester codes generated
---
## Phase 7: Security & Integrity
### Play Integrity API
- [ ] Play Integrity enabled in Play Console
- [ ] `PlayIntegrityManager` integrated in app
- [ ] Server-side verification configured
- [ ] Nonce-based replay protection implemented
### App Integrity
- [ ] Certificate pinning active (real hashes)
- [ ] Root detection blocking/degrading gracefully
- [ ] EncryptedSharedPreferences for sensitive data
- [ ] Network security config blocks cleartext
- [ ] Backup disabled (`android:allowBackup="false"`)
---
## Phase 8: Pre-Release Verification
### Build Verification
- [ ] Release build: `./gradlew bundleProdRelease`
- [ ] No R8/ProGuard crashes
- [ ] All TRPC endpoints functional
- [ ] Google Sign-In working with production SHA-256
- [ ] FCM push notifications working
- [ ] Deep links routing correctly
- [ ] Offline queue resolving sync conflicts
- [ ] Token refresh working silently
### Play Console Verification
- [ ] All sections show green/complete
- [ ] No policy violations
- [ ] Store listing preview looks correct
- [ ] All screenshots display properly
- [ ] Feature graphic displays correctly
### Final Checks
- [ ] Version code incremented
- [ ] Version name updated
- [ ] Release notes written
- [ ] ProGuard mapping.txt saved
- [ ] Keystore backed up
---
## Notes
- **Keystore**: If lost, you can still upload new versions with a new key, but existing users won't be able to update. Google Play App Signing mitigates this risk.
- **Version codes**: Must be strictly increasing. Never reuse a versionCode.
- **Processing time**: AAB processing can take 10-30 minutes after upload.
- **Review time**: First-time app review can take up to 7 days. Subsequent updates are faster.
- **Internal testing**: Fastest distribution method. Testers get immediate access after rollout.