Kordant/android/docs/play-console-setup.md


Google Play Console Setup Guide

Complete step-by-step guide for configuring Kordant in Google Play Console.

Table of Contents

  Prerequisites
  1. Create the App
  2. App Signing
  3. Default App Information
  4. Internal Testing Track
  5. Store Listing
  6. Pricing & Distribution
  7. Content Rating
  8. Data Safety Form
  9. Play Integrity API
  10. In-App Products
  Release Checklist

Prerequisites

  • Google account with Play Console access
  • $25 one-time developer registration fee paid
  • Signed AAB (Android App Bundle) ready to upload
  • App signing keystore generated (see scripts/generate-release-key.sh)
  • App assets prepared (icon, screenshots, feature graphic)
  • Privacy policy URL hosted and accessible
  • Firebase project linked to the app

1. Create the App

  1. Go to Google Play Console
  2. Click "Create app"
  3. Fill in:
    • App name: Kordant
    • Default language: English (United States)
    • App or game: App
    • Free or paid: Free
  4. Click "Create app"

2. App Signing

2.1 Generate Upload Key

cd android
chmod +x scripts/generate-release-key.sh
./scripts/generate-release-key.sh

This creates:

  • kordant-release.keystore — The keystore file (KEEP SECURE)
  • key.properties — Credentials for Gradle (added to .gitignore)

2.2 Configure Google Play App Signing

  1. Go to Setup → App integrity → App signing
  2. Select "Let Google manage the app signing key"
  3. Upload the upload certificate:
    • Option A: Upload the .keystore file directly
    • Option B: Extract the certificate and upload:
      keytool -exportcert -rfc \
        -keystore kordant-release.keystore \
        -alias kordant-release-key \
        -file upload-cert.pem
      
      Then upload upload-cert.pem
  4. Review and accept the terms
  5. Click "Enable"

2.3 Save the Backup Key

After enabling Google Play App Signing, Google provides a backup app signing key. Download it and store it securely — this is your last resort if the upload key is lost.

2.4 Verify Configuration

After setup, note the app signing key certificate fingerprint (SHA-256). You'll need this for:

  • Firebase SHA-256 configuration (for Google Sign-In)
  • Facebook App configuration
  • Any other service requiring app identity verification

3. Default App Information

Go to Setup → Default app information:

Contact Details

App Access (if applicable)

  • Configure any required URL patterns for App Access API

4. Internal Testing Track

4.1 Create Internal Testing Track

  1. Go to Testing → Internal testing
  2. Click "Create new release"
  3. Fill in release notes

4.2 Add Testers

  1. Go to Testing → Internal testing → Testers
  2. Click "Manage testers"
  3. Add internal tester emails (team members with Google accounts)
  4. Click "Save changes"
  5. Testers receive an invitation email — they must accept

4.3 Upload Build

  1. Go to Testing → Internal testing → Create new release
  2. Upload the AAB:
    cd android
    ./gradlew bundleProdRelease
    # AAB location: app/build/outputs/bundle/prodRelease/app-prod-release.aab
    
  3. Drag and drop the AAB file
  4. Wait for processing (can take several minutes)
  5. Fill in release notes
  6. Click "Review release" → "Start rollout"

4.4 Verify Installation

  1. Each tester receives an email with the testing link
  2. Testers click the link and follow the enrollment flow
  3. Testers install the app from the internal testing listing
  4. Verify the app launches and functions correctly

5. Store Listing

Go to Main store listing:

5.1 App Identity

  • Title: Kordant (50 characters max)
  • Short description (80 characters max):
    Your personal security command center. Monitor data exposures, screen spam calls, and protect your digital identity.
    
  • Full description (4000 characters max):
    Kordant is your personal security command center — all-in-one protection for your digital identity.
    
    DATA EXPOSURE MONITORING
    DarkWatch continuously scans broker sites, data dumps, and the dark web for your personal information. Get instant alerts when your data appears online, with automated removal requests to have it taken down.
    
    SPAM CALL PROTECTION
    SpamShield screens incoming calls in real-time, identifying and blocking spam, robocalls, and telemarketers before they reach you. Built on a crowdsourced database of millions of known spam numbers.
    
    VOICEPRINT VERIFICATION
    Create a unique voice signature to verify your identity across services. VoicePrint enrollment takes seconds and works with your existing biometric authentication.
    
    PROPERTY PROTECTION
    HomeTitle monitors your property listings and alerts you to unauthorized postings, fake listings, or identity theft targeting your home.
    
    FAMILY SECURITY
    Extend protection to your entire family with shared watchlists, coordinated alerts, and a single dashboard for everyone's digital safety.
    
    KEY FEATURES:
    • Real-time threat scoring dashboard
    • Automated data removal requests
    • Call screening with <100ms latency
    • Encrypted voice enrollment
    • Family sharing and management
    • Dark web exposure monitoring
    • Property listing protection
    • Privacy-first architecture
    
    YOUR DATA STAYS YOURS:
    Kordant uses end-to-end encryption for all sensitive data. Your voice recordings, personal information, and security preferences are encrypted at rest and in transit. We never sell or share your data with third parties.
    
    SUBSCRIPTION PLANS:
    • Free: Basic monitoring and call screening
    • Pro: Full DarkWatch, VoicePrint, and family features
    • Family: Pro features for up to 6 family members
    
    Privacy Policy: https://kordant.ai/privacy
    Terms of Service: https://kordant.ai/terms
    Support: support@kordant.ai
    

5.2 Graphics

App Icon

  • Size: 512×512 PNG
  • Format: PNG (not transparent)
  • Already prepared in app/src/main/res/mipmap-xxxhdpi/ic_launcher.webp
  • Convert to 512×512 PNG for upload

Feature Graphic

  • Size: 1024×500 JPG or PNG (non-transparent)
  • Purpose: the large banner shown in search results
  • Create with branding guidelines from design-tokens/

Screenshots

  • Phone (at least 2): 16:9 or 9:16, min 320px, max 3840px
    1. Dashboard with threat score
    2. DarkWatch exposure monitoring
    3. SpamShield call filtering
    4. VoicePrint enrollment
    5. Alerts and notifications
  • Tablet (at least 2, if supporting): Same aspect ratios
  • Foldable (optional): If targeting foldable devices

5.3 Category & Rating

5.4 Language

  • Default: English (United States)
  • Additional languages can be added later via Store presence → Localization

6. Pricing & Distribution

6.1 Pricing

Go to Marketing → Pricing & distribution:

  • Price: Free
  • Subscription offers: Configure in Google Play Console → Monetization → Subscriptions

6.2 Distribution

  • Countries/regions: Select all available or specific target markets
  • Recommended: Start with US, CA, GB, AU, DE, FR, ES, IT, JP, BR

6.3 Age Rating

  • Complete the content rating questionnaire (see Section 7)

7. Content Rating

Go to Setup → Content rating:

US IARC Questionnaire

Answer honestly based on app content:

| Question | Answer |
|---|---|
| In-Game Purchases | Yes (subscriptions) |
| Simulated Gambling | No |
| Alcohol, Drugs, Weapons | No |
| Animated Blood and Gore | No |
| Realistic Blood and Gore | No |
| Realistic Violence | No |
| Cartoon or Fantasy Violence | No |
| Sexual Content | No |
| Horror or Fear Themes | No |
| Profanity | No |
| Suggestive Themes | No |
| Users Interact | Yes (dark web monitoring involves user data) |
| Shares Info | Yes (app collects personal data for security monitoring) |
| Ads | No |
| Inappropriate Ads | No |
| Simulated Gambling | No |
| Medication, Recreational Drugs | No |
| Violence | No |
| Alcohol, Tobacco | No |
| Language | No |
| Sexual Content | No |
| In-App Purchases | Yes |
| PVP (Player vs Player) | No |

Expected rating: Everyone or Everyone 10+

Additional Ratings

Some countries require additional questionnaires (Germany USK, France, etc.). Complete these as prompted.


8. Data Safety Form

Go to Setup → Data safety:

Data Collected

| Data Type | Purpose | Shared? | Required? |
|---|---|---|---|
| Name | Account management | No | Yes |
| Email address | Account management, notifications | No | Yes |
| Phone number | Call screening, spam detection | No | Yes |
| Photos | VoicePrint enrollment (voice samples only) | No | Optional |
| Audio | VoicePrint enrollment and analysis | No | Optional |
| App activity | Feature usage analytics | No | Yes |
| Device ID | App integrity verification | No | Yes |
| Diagnostics | Crash reporting (Firebase Crashlytics) | Yes (Firebase) | Yes |

Data Practices

  • Data encryption: Yes, in transit (TLS 1.2+) and at rest (AES-256)
  • Data deletion: Users can request data deletion via Settings or support email
  • Data shared with third parties: Firebase (analytics, crash reporting), Google Play (Play Integrity)
  • Security practices: Certificate pinning, EncryptedSharedPreferences, biometric authentication

Privacy Policy

Must be accessible at: https://kordant.ai/privacy


9. Play Integrity API

The app already includes Play Integrity integration via PlayIntegrityManager.

Enable in Play Console

  1. Go to Setup → App integrity → Play Integrity API
  2. Ensure the API is enabled for your app
  3. Note: Play Integrity is automatically available for apps distributed through Google Play

Server-Side Verification

Configure your backend to verify Play Integrity tokens:

# 1. Get Google's public keys
# https://developer.android.com/google/play/integrity/verify

# 2. Verify tokens using Google's verification library
# Java: com.google.android.play:integrity:1.4.0
# Or use Google Cloud Functions for verification

Backend Integration

The PlayIntegrityManager generates tokens that should be sent to your backend:

  1. App requests a nonce from your server
  2. Server passes nonce to PlayIntegrityManager.requestIntegrityToken(nonce)
  3. App sends the resulting token to your server
  4. Server verifies the token using Google's public keys
  5. Server checks ctsProfileMatch and integrityResult fields
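
The server half of this flow, as an added example (not code from the Kordant repository): it issues single-use, short-lived nonces and evaluates a verdict that has already been decrypted and verified into JSON. The package name, the TTL, the in-memory store and the helper names are assumptions; the verdict fields follow Google's documented Play Integrity payload (requestDetails, appIntegrity, deviceIntegrity).

```javascript
// Added example: nonce issuance and verdict checks for a Play Integrity backend.
const { randomBytes } = require("node:crypto");

const PACKAGE_NAME = "com.example.kordant"; // placeholder: the page does not state the package name
const NONCE_TTL_MS = 2 * 60 * 1000;         // assumption: 2-minute validity window
const pending = new Map();                  // nonce -> expiry; use a shared store in production

// Step 1: issue a single-use nonce with a short lifetime.
function issueNonce(now = Date.now()) {
  const nonce = randomBytes(24).toString("base64url"); // URL-safe, 32 characters
  pending.set(nonce, now + NONCE_TTL_MS);
  return nonce;
}

// Steps 4-5: evaluate an already-decoded verdict. Returns { ok, reason }.
// The nonce is consumed on first sight, so a replayed token always fails.
function checkVerdict(verdict, now = Date.now()) {
  const req = verdict.requestDetails || {};
  const expiry = pending.get(req.nonce);
  if (expiry === undefined) return { ok: false, reason: "unknown or replayed nonce" };
  pending.delete(req.nonce);
  if (now > expiry) return { ok: false, reason: "nonce expired" };
  if (req.requestPackageName !== PACKAGE_NAME) {
    return { ok: false, reason: "package mismatch" };
  }
  const app = (verdict.appIntegrity || {}).appRecognitionVerdict;
  if (app !== "PLAY_RECOGNIZED") return { ok: false, reason: "app not recognized" };
  const device = (verdict.deviceIntegrity || {}).deviceRecognitionVerdict || [];
  if (!device.includes("MEETS_DEVICE_INTEGRITY")) {
    return { ok: false, reason: "device integrity not met" };
  }
  return { ok: true, reason: "accepted" };
}

// Constructed sample payload in the shape of a decoded verdict (not real data).
function sampleVerdict(nonce, overrides = {}) {
  return {
    requestDetails: { nonce, requestPackageName: PACKAGE_NAME },
    appIntegrity: { appRecognitionVerdict: "PLAY_RECOGNIZED" },
    deviceIntegrity: { deviceRecognitionVerdict: ["MEETS_DEVICE_INTEGRITY"] },
    ...overrides,
  };
}
```

Because the nonce is deleted before the remaining checks run, a token that fails any check cannot be retried with the same nonce.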

10. In-App Products

Go to Monetize → Products:

10.1 Subscriptions

Create subscription products:

| Product ID | Name | Price | Description |
|---|---|---|---|
| pro_monthly | Pro Monthly | $9.99/mo | Full DarkWatch, VoicePrint, family features |
| pro_annual | Pro Annual | $79.99/yr | Same as monthly, save 33% |
| family_monthly | Family Monthly | $14.99/mo | Pro for up to 6 family members |
| family_annual | Family Annual | $119.99/yr | Family plan, save 33% |

10.2 Managed Products (one-time)

| Product ID | Name | Price | Description |
|---|---|---|---|
| single_scan | Single Scan | $4.99 | One-time full security scan |
| removal_pack | Removal Pack | $9.99 | 5 automated data removal requests |

10.3 Promo Codes

  • Go to Monetize → Promo codes
  • Create codes for internal testing and beta testers

Release Checklist

Before submitting for review:

Build & Signing

  • Release keystore generated and backed up
  • key.properties configured (not committed to git)
  • Google Play App Signing enabled
  • Signed AAB built successfully (./gradlew bundleProdRelease)
  • R8/ProGuard enabled and tested (no crashes from obfuscation)
  • Baseline profile generated for performance

Store Listing

  • App icon uploaded (512×512 PNG)
  • Feature graphic uploaded (1024×500)
  • Phone screenshots uploaded (2-8 images)
  • Tablet screenshots uploaded (if applicable)
  • Title, short description, full description complete
  • Category set to "Tools"
  • Contact details filled in
  • Privacy policy URL accessible

Distribution

  • Price set to Free
  • Distribution countries selected
  • Content rating questionnaire completed
  • Data safety form completed
  • All permissions justified in-app

Testing

  • Internal testing track created
  • Testers added and accepted invitation
  • First build uploaded and processing
  • Testers can install and run the app
  • Firebase Test Lab tests passing on Pixel, Samsung, Xiaomi

Security

  • Certificate pinning configured (real pins, not placeholders)
  • Play Integrity API enabled
  • Root detection active
  • EncryptedSharedPreferences for sensitive data
  • Network security config blocks cleartext traffic

Backend

  • Play Integrity token verification configured
  • FCM configured for push notifications
  • TRPC endpoints verified against backend contract
  • Token refresh working silently

Troubleshooting

"Upload key not found"

Ensure key.properties exists and has correct paths:

cd android
ls -la key.properties kordant-release.keystore

"Build failed: signingConfig not found"

The signing config is created dynamically from key.properties. Ensure the file exists and is valid.

"AAB upload rejected"

Common causes:

  • Wrong target SDK (must be latest)
  • Missing required permissions declarations
  • App not properly signed
  • Version code conflicts (must be higher than previous release)

"Internal testers can't install"

  • Ensure testers accepted the invitation email
  • Wait up to 30 minutes for the release to process
  • Check that the AAB processed successfully in Play Console
  • Testers must use a Google account that matches the invited email

"Version code already used"

Each release must have a unique, increasing versionCode. Update in build.gradle.kts:

defaultConfig {
    versionCode = 2  // Increment from previous release
    versionName = "1.1"
}