SpeakTrue

Android Play Release Checklist

Reader and action

Use this checklist before any SpeakTrue Android upload to Google Play. It separates source-controlled release readiness from external Play Console proof so local checks do not overclaim production upload readiness.

Source-controlled readiness

These items must be true in the repository before a release candidate is considered Play-ready:

Application ID: com.speaktrue.app.
Launcher label: SpeakTrue.
Version name and code match the current iOS public release train.
Target SDK is Google Play eligible.
Release builds require SUPABASE_URL, SUPABASE_ANON_KEY, and SUPABASE_OAUTH_SCHEME.
ALLOW_IMPLICIT_OAUTH_COMPATIBILITY is unset or false for release builds.
Release builds run R8 with keep rules for kotlinx.serialization, Supabase/Ktor, AndroidX Security Crypto, DataStore, Media3, Compose, Hilt, and coroutines.
Manifest disables backup and cleartext traffic.
Microphone hardware is optional in the manifest so Play does not filter non-microphone devices.
Runtime microphone permission is requested before STT, STS, or voice-clone recording.
Settings exposes Privacy Policy and Terms of Use / EULA links.
Settings exposes Account Deletion and app Account settings exposes in-app delete flow.
Privacy policy web resource is available at https://haddadios.github.io/SpeakTrue/privacy-policy for Play Store listing and Data safety.
Terms of Use / EULA web resource is available at https://haddadios.github.io/SpeakTrue/terms-of-use for reviewer access.
Account deletion web resource is available at https://haddadios.github.io/SpeakTrue/account-deletion for Play Data safety.
GitHub Pages policy source files exist under docs/privacy-policy.md, docs/terms-of-use.md, and docs/account-deletion.md so the public Play policy URLs can be deployed from source.
Local policy URL consistency passes python3 scripts/verify_android_play_policy_urls.py.
Android app has no BillingClient dependency, subscription UI, paywall UI, or purchase runtime for the current free/open-access baseline.
Android/iOS parity map passes for every iOS-facing Android surface: python3 scripts/verify_android_ios_parity_release.py.
CI runs backend Android speech contracts, Android unit tests, lint, release AAB packaging, emulator smoke tests, automated screenshot capture, split local Android Play readiness gates, a non-failing Android Play release blocker report, and a redacted release evidence snapshot artifact.
Full Android unit tests pass locally or in CI with ./android/gradlew -p android :app:testDebugUnitTest.
Android lint passes locally or in CI with ./android/gradlew -p android :app:lintDebug.
Release AAB artifact shape, package name, version code, version name, Google Play 64-bit native ABI coverage, and Android 15+ 16 KB native page-size alignment pass python3 scripts/verify_android_release_bundle.py android/app/build/outputs/bundle/release/app-release.aab; unsigned is acceptable only for local/CI verification artifacts.
Optional signing plumbing check passes with bash scripts/verify_android_release_signing_plumbing.sh; this uses a temporary smoke keystore only and does not satisfy Play upload-key proof.
Local or CI emulator smoke runs through bash android/scripts/run-instrumented-smoke.sh with adb or SDK auto-detection and a connected emulator/device.
Play listing icon source passes python3 scripts/verify_android_play_assets.py.
Android screenshots are captured outside the repo with bash android/scripts/capture-play-screenshots.sh from a release or internal-test build, or with ANDROID_PLAY_SCREENSHOT_AUTOMATED=1 bash android/scripts/capture-play-screenshots.sh for the safe fixture set; set ADB, ANDROID_HOME, or ANDROID_SDK_ROOT if SDK auto-detection cannot find platform-tools. Local default output is /private/tmp/speaktrue-android-play-screenshots; CI uses $RUNNER_TEMP/speaktrue-android-play-screenshots.
Android screenshot files pass python3 scripts/verify_android_play_screenshots.py /private/tmp/speaktrue-android-play-screenshots --labels tts,stt,sts,soundboard,voice-clone,settings; verifier enforces JPEG or 24-bit PNG without alpha, max 8MB per file, Play side bounds, and Play side ratio bounds.

Data safety mapping

Use the current privacy policy as source text for Play Console Data safety answers. Do not invent broader collection claims than the app and providers require.

Play disclosure area	SpeakTrue answer source
Data shared with third parties	Speech user content is sent to ElevenLabs only for requested AI speech processing. Supabase handles auth, database, edge functions, and optional storage.
Data collected	Account/session identifiers, user content, usage data, app settings/preferences, diagnostics, and optional local fallback/provider keys.
Tracking	No tracking, no sale of personal data, no advertising data broker sharing.
Security practices	Data in transit uses HTTPS. Account-backed cloud features use authenticated sessions. Optional local fallback keys remain on-device.
Deletion / user control	Users can revoke microphone permission, uninstall for local data removal, delete cloud-backed soundboard content, delete a signed-in account in Settings, and request account/data deletion from `https://haddadios.github.io/SpeakTrue/account-deletion`.

Play Console external proof

These checks require Play Console access, real credentials, or a disposable live account. Record results outside source control unless they are redacted and intentionally added to docs.

Configure the real Android upload keystore and build bundleReleaseArtifact with local-only RELEASE_* values.
Provide RELEASE_* values through local.properties or environment variables, not Gradle command-line -P password arguments.
Verify the resulting AAB is signed with the upload key and remains 64-bit native ABI covered plus 16 KB page-size aligned using python3 scripts/verify_android_release_bundle.py --require-signed android/app/build/outputs/bundle/release/app-release.aab.
Upload the signed AAB to an internal test track.
Confirm package name, version name, version code, launcher icon, app name, and policy links in Play Console.
Complete Data safety using the mapping above and the active privacy policy.
Enter https://haddadios.github.io/SpeakTrue/account-deletion in the Play Console account/data deletion web-link field.
Verify public policy URLs resolve with python3 scripts/verify_android_play_policy_urls.py --live.
Fill Play Store listing fields from docs/ops/ANDROID_PLAY_STORE_LISTING.md, then replace bracketed placeholders only inside Play Console.
Confirm app access instructions describe sign-in and any disposable test account used for review.
Confirm no subscription/IAP declarations are enabled while the Android app remains in the free/open-access baseline.
Run live Supabase/ElevenLabs/storage smoke with a disposable account after required Edge Functions are deployed.
Run python3 scripts/verify_android_play_release_blockers.py --local-only for full source/local readiness when the release AAB and screenshot directory both exist. CI splits this proof across jobs with --skip-screenshots in the unit/lint/release job and --skip-aab in the emulator screenshot job. Run the full release blocker report and keep production promotion blocked until python3 scripts/verify_android_play_release_blockers.py --include-live-policy exits cleanly; it separates source readiness, local release readiness, and external Play/live blockers for complete redacted evidence, signed upload AAB, screenshots, live smoke, and live policy URLs.

Play Console pasteable entries

Use these entries as release-review source text. Replace only the bracketed disposable-account placeholders with real review-account values in Play Console; do not commit credentials.

App access instructions

SpeakTrue requires sign-in for account-backed speech and soundboard workflows.

Reviewer account:
Email: [disposable-review-email]
Password: [disposable-review-password]

After sign-in, accept the Terms of Use gate. The app opens to the main speech tools. Reviewers can test Text to Speech, Speech to Text, Speech to Speech, Soundboard, Voice Clone, Settings, Privacy Policy, Terms of Use, and Account Deletion from the bottom navigation and Settings links. Microphone permission is requested only when recording for Speech to Text, Speech to Speech, or Voice Clone.

Internal testing notes

Upload the signed AAB to internal testing before production. Confirm package name com.speaktrue.app, app name SpeakTrue, version name 1.2, version code 15, launcher icon, privacy policy URL, terms URL, and account deletion URL. Do not enable subscriptions or in-app products for this Android free/open-access baseline.

Live smoke evidence note

Before promoting beyond internal testing, install Deno, deploy the required Supabase Edge Functions, and run the redacted live smoke with a disposable account. Keep only command name, exit code, and pass/fail summary as evidence. Do not paste Supabase JWTs, auth tokens, provider keys, user content, transcripts, generated audio URLs, or account passwords.

Opt-in smoke command:

SPEAKTRUE_ANDROID_LIVE_SMOKE=1 \
SPEAKTRUE_ANDROID_SUPABASE_URL=<redacted-supabase-url> \
SPEAKTRUE_ANDROID_SUPABASE_ANON_KEY=<redacted-anon-key> \
SPEAKTRUE_ANDROID_TEST_EMAIL=<redacted-test-email> \
SPEAKTRUE_ANDROID_TEST_PASSWORD=<redacted-test-password> \
SPEAKTRUE_ANDROID_TEST_CATEGORY_ID=<redacted-category-uuid> \
deno run -A scripts/live_android_play_release_smoke.mjs

Safe verifier:

python3 scripts/generate_android_play_release_evidence_snapshot.py
python3 scripts/verify_android_ios_parity_release.py
./android/gradlew -p android :app:testDebugUnitTest
./android/gradlew -p android :app:lintDebug
python3 scripts/verify_android_release_bundle.py android/app/build/outputs/bundle/release/app-release.aab
python3 scripts/verify_android_release_bundle.py --require-signed android/app/build/outputs/bundle/release/app-release.aab
python3 scripts/verify_android_play_assets.py
python3 scripts/verify_android_play_screenshots.py /private/tmp/speaktrue-android-play-screenshots --labels tts,stt,sts,soundboard,voice-clone,settings
python3 scripts/verify_android_play_policy_urls.py
python3 scripts/verify_android_play_policy_urls.py --live
python3 scripts/verify_android_play_release_smoke.py
python3 scripts/verify_android_play_release_blockers.py --local-only
python3 scripts/verify_android_play_release_blockers.py --local-only --skip-screenshots
python3 scripts/verify_android_play_release_blockers.py --local-only --skip-aab
python3 scripts/verify_android_play_release_evidence.py
python3 scripts/verify_android_play_release_blockers.py --include-live-policy
bash scripts/verify_android_release_signing_plumbing.sh
bash android/scripts/run-instrumented-smoke.sh
ANDROID_PLAY_SCREENSHOT_AUTOMATED=1 bash android/scripts/capture-play-screenshots.sh
bash android/scripts/capture-play-screenshots.sh

If the explicit env is absent, the verifier exits with a skipped state and says no live success is claimed. If live env is configured but Deno is unavailable, the verifier fails with live-smoke runtime missing: deno instead of claiming a live result.

Use docs/ops/ANDROID_PLAY_RELEASE_EVIDENCE_TEMPLATE.md for the final redacted release-evidence record. Keep NO_LIVE_SUCCESS_CLAIMED until live provider/storage smoke passes against deployed services.

After every external proof row is filled and marked COMPLETE, run:

python3 scripts/verify_android_play_release_evidence.py --require-complete docs/ops/ANDROID_PLAY_RELEASE_EVIDENCE_TEMPLATE.md

Blockers

Do not promote to production if any item below is true:

A release build depends on debug fallback Supabase values.
ALLOW_IMPLICIT_OAUTH_COMPATIBILITY=true is enabled.
The AAB is unsigned or signed with a non-upload test key for Play upload.
Play policy URLs do not resolve to the current Privacy Policy and Terms of Use.
The account deletion web link does not resolve to the current Account Deletion page.
Data safety answers claim tracking or advertising behavior not present in the product.
Live provider/storage smoke has not run for the deployed backend path.
python3 scripts/verify_android_play_release_blockers.py --local-only reports any source/local blocker, or python3 scripts/verify_android_play_release_blockers.py --include-live-policy reports any remaining external Play/live blocker.