I need a mobile-app security specialist to examine and tighten every step of our Android signing and release pipeline. The current flow works but hasn’t been formally reviewed, and I want full confidence that our keys stay protected, each APK/AAB is signed correctly, and in-app updates cannot be hijacked. Here’s what I expect from the engagement: • A concise technical audit covering key storage, keystore access control, build-time signing, Google Play signing settings, and update verification logic. • Practical recommendations with risk rankings and a clear “fix plan.” • Hands-on refinement of Gradle or CI scripts so the signing task is worry-free for future releases. • Step-by-step documentation that my team (mid-level Android developers) can follow to cut a new release without exposing keys or breaking update provenance. • A quick knowledge-transfer session – recorded or live notes are fine – so the whole process is crystal clear. We’re treating this as a focused, short contract; a single, all-inclusive payment of ₹3,000 will be released once the updated process signs an internal build and Play Console accepts it with no integrity warnings. Tools in play today include Android Studio, Gradle, and GitHub Actions; if you prefer another secure CI step, propose it. Deliverables should arrive within a week of project kickoff, and I’ll be available daily for questions or access tokens you might need. If you’ve hardened release pipelines before and can back your work with a tight, readable report, let’s lock this in.