Kordant/tasks/android-production

Android Production Readiness

Objective: Prepare the Jetpack Compose Android application for Google Play Store submission with hardened security, optimized performance, comprehensive testing, and full native feature integration.

Status legend: [ ] todo, [~] in-progress, [x] done

Tasks

Play Store Preparation

• 01 — Play Store Listing Assets → 01-play-store-assets.md
• 02 — Feature Graphic & Promo Video → 02-feature-graphic.md
• 03 — Play Console Configuration → 03-play-console.md
• 04 — Internal Testing Track → 04-internal-testing.md

Security Hardening

• 05 — Certificate Pinning & Network Security Config → 05-cert-pinning.md
• 06 — Root Detection & Obfuscation (R8/ProGuard) → 06-root-detection.md
• 07 — Encrypted SharedPreferences & DataStore Audit → 07-encrypted-storage.md
• 08 — OAuth & Social Login Integration → 08-oauth-social-login.md

Performance Optimization

• 09 — Image Caching & Coil Optimization → 09-image-caching.md
• 10 — Pagination & List Performance → 10-pagination-lists.md
• 11 — Background Sync & WorkManager Optimization → 11-background-sync.md
• 12 — App Startup Time & ANR Prevention → 12-startup-anr.md

Native Features

• 13 — Call Screening Service Production Hardening → 13-call-screening.md
• 14 — Notification Channels & Rich Notifications → 14-notifications.md
• 15 — App Shortcuts & Widgets → 15-shortcuts-widgets.md
• 16 — App Actions & Slices → 16-app-actions.md

Testing & QA

• 17 — UI Test Suite (Compose Testing) → 17-ui-test-suite.md
• 18 — Screenshot Testing (Paparazzi) → 18-screenshot-testing.md
• 19 — Accessibility Audit (TalkBack) → 19-accessibility-audit.md
• 20 — Firebase Test Lab Integration → 20-firebase-test-lab.md

Backend Integration

• 21 — Real API Client Verification & Wire-up → 21-api-verification.md
• 22 — Token Refresh & Session Management → 22-token-refresh.md
• 23 — Offline Sync & Conflict Resolution → 23-offline-sync.md
• 24 — FCM Push Notification Deep Linking → 24-fcm-deep-links.md

Play Store Compliance

• 25 — Privacy Policy & Data Safety Form → 25-privacy-data-safety.md
• 26 — Permissions Justification & Declarations → 26-permissions.md
• 27 — Target API Level & Policy Compliance → 27-target-api-compliance.md
• 28 — Content Rating & Regional Compliance → 28-content-rating.md

Dependencies

• 01, 02, 03, 04 can be done in parallel (Play Store prep)
• 05, 06, 07, 08 can be done in parallel (security)
• 09, 10, 11, 12 can be done in parallel (performance)
• 13, 14, 15, 16 can be done in parallel (native features)
• 17, 18, 19, 20 can be done in parallel (testing)
• 21 must be done before 22, 23, 24 (backend integration foundation)
• 22, 23, 24 depend on 21
• 25, 26, 27, 28 can be done in parallel (compliance)
• All groups can proceed independently

Exit Criteria

• Play Store listing complete with screenshots for phone, tablet, and foldable
• Feature graphic and promo video uploaded
• Internal testing track active with 20+ testers
• Certificate pinning active with network_security_config.xml
• Root detection blocking app usage or degrading gracefully
• R8/ProGuard enabled with release build shrinking and obfuscation
• EncryptedSharedPreferences used for all sensitive data
• OAuth and social login working (Google Sign-In)
• Coil image cache configured with 100MB disk limit
• All lists paginated with lazy loading (no ANRs on large datasets)
• WorkManager syncing every 15 minutes with battery optimization
• Cold start under 1.5 seconds on Pixel 6
• Call screening service filtering calls with <100ms latency
• Notification channels configured for alerts, marketing, and system
• App shortcuts for dashboard, alerts, and new scan
• Home screen widget showing threat score
• UI tests covering auth flow, dashboard navigation, and service screens
• Screenshot tests catching UI regressions on PR
• TalkBack labels on all interactive elements
• Firebase Test Lab tests passing on Pixel, Samsung, and Xiaomi devices
• All TRPC endpoints verified against backend contract
• Token refresh working silently without user interruption
• Offline queue resolving sync conflicts with server-wins strategy
• FCM deep links routing to correct screens with cold start
• Data safety form accurately declaring all collected data types
• All permissions justified with in-app rationale dialogs
• Target API level 36 with no deprecated API usage
• Content rating questionnaire completed accurately