android-kotlin
/

Android Deployment – Signing, Bundling, and Release

Last Sync: Today

On this page

5
0%
5 min read
Remaining
5 minleft

Click any section to jump — progress syncs automatically

android-kotlin

Android Deployment – Signing, Bundling, and Release

The Modern Release Format: AAB

In 2026, the Android App Bundle (.aab) is the mandatory publishing format for Google Play. Unlike the legacy APK, an AAB is a publishing artifact that includes all your compiled code and resources but defers APK generation to Google Play. This enables Dynamic Delivery, where users only download the code and resources required for their specific device configuration (ABI, screen density, and language).

  1. App Signing and Security

Security is paramount for an Engineering Manager. Google Play App Signing is the standard where you provide an 'Upload Key' to sign your bundle, while Google manages the 'App Signing Key' in their secure infrastructure. This protects you from losing your key and allows Google to optimize your APKs for different form factors without needing a new signature from you.

  1. R8: Shrinking and Obfuscation

Before deployment, your code must pass through R8. R8 performs three critical tasks: Shrinking (removing unused code/resources), Optimization (rewriting code for performance), and Obfuscation (renaming classes/methods to short, nonsensical names). For Revochamp, this is the primary defense against reverse-engineering of your core AI-to-UI logic.

GRADLERead-only
1
// build.gradle.kts (Module: app)
android {
    buildTypes {
        getByName("release") {
            isMinifyEnabled = true
            isShrinkResources = true
            proguardFiles(getDefaultProguardFile("proguard-android-optimize.txt"), "proguard-rules.pro")
        }
    }
}

  1. The Play Console Rollout Strategy

A Lead Architect never releases to 100% of users immediately. You should utilize Staged Rollouts. Start with an 'Internal Test' for your team, move to a 'Closed Beta' for trusted users, and finally a 'Production' rollout starting at 5% and scaling up as your Crashlytics logs remain clean.

Deployment Comparison

FeatureAndroid (Play Store)iOS (App Store)
Primary FormatAAB (Android App Bundle)IPA (iOS App Store Package)
OptimizationDynamic Delivery (Split APKs)App Thinning
ObfuscationR8 / ProGuardSymbol Stripping / Bitcode
SigningGoogle Play App SigningProvisioning Profiles / Certificates
RolloutStaged Rollout (Percentage)Phased Release (7-day fixed)
Review TimeVaries (Hours to Days)Varies (Strict Guidelines)

Test Your Knowledge

Q1
of 3

What is the mandatory publishing format for new apps on Google Play in 2026?

A
.apk
B
.exe
C
.aab
D
.jar
Q2
of 3

Which tool is responsible for code shrinking and obfuscation in the Android build pipeline?

A
Gradle
B
R8
C
Kotlin Compiler
D
ADB
Q3
of 3

What is the primary benefit of a Staged Rollout?

A
It makes the app download faster
B
It allows you to catch crashes on a small percentage of users before a full release
C
It bypasses the Google Play review process
D
It allows you to charge more for the app

Frequently Asked Questions

What is a 'Split APK'?

A split APK is a smaller, specialized APK generated by Google Play from your App Bundle. It contains only the resources (like high-res images) and code (like ARM64 binaries) that a specific user's device actually needs, reducing download size by up to 35%.

Can I still use APKs for deployment?

You can use APKs for 'Sideloading' or third-party stores, but Google Play requires AABs for all new apps and updates. For enterprise distribution of Revochamp, APKs remain a valid choice.

How do I handle sensitive API keys in production?

Never hardcode keys in your source code. Use the 'Secrets Gradle Plugin' to read keys from a local properties file (excluded from Git) and inject them into your 'BuildConfig' during the release build process.

Previous

android performance

Next

android best practices

Related Content

Need help?

Explore our comprehensive docs or start a chat with our tech experts.