An Android release readiness checklist should verify security flags, signing status, R8 and resource shrink settings, exposed secrets, dependency health, SDK versions, artifact size, and CI/CD reproducibility before the APK or AAB is shipped.
Why Release Checks Matter
Many Android release failures are not compiler errors. They are configuration mistakes: a debug flag left on, a missing signing config, an API key committed in source, a disabled shrinker, an outdated SDK, or a CI pipeline that builds a different artifact than local development.
A checklist turns these fragile manual checks into a repeatable release gate.
Core Checklist
| Area | Check | Risk |
|---|---|---|
| Build type | debuggable is false for release | Debuggable production apps are easier to inspect and manipulate. |
| Secrets | No hardcoded API keys or tokens | Secrets can be extracted from the artifact. |
| R8 | minifyEnabled is enabled when intended | Readable bytecode and larger artifacts. |
| Resources | shrinkResources and resource rules reviewed | Unnecessary resource bloat or runtime missing resources. |
| Signing | Release keystore and schemes verified | Store rejection or installation failure. |
| Dependencies | Conflicts and deprecated libraries reviewed | Runtime bugs or security issues. |
| SDK versions | compileSdk and targetSdk are compliant | Store policy or compatibility issues. |
| CI/CD | Release artifact can be reproduced in CI | Local-only release process and missed automation checks. |
Manual Workflow
- Run a clean release build from the command line.
- Inspect the merged manifest and release build type.
- Search source and resources for tokens, keys, passwords, and debug endpoints.
- Verify signing with
apksigneror equivalent tooling. - Check dependency conflicts and outdated versions.
- Compare artifact size and bundle contents against the previous release.
- Run smoke tests on a signed release artifact, not only debug builds.
How ADB Pro Helps
Release Readiness provides a 13-point pre-release checklist in the IDE. Quick Setup helps align R8, resource shrinking, signing, CI/CD, SDK selections, and build performance settings. Dependency Health adds dependency conflict and version visibility.
FAQ
Should release checks run before every upload?
Yes. The same checklist should run for every release candidate, especially when dependencies, Gradle files, signing, or CI/CD configuration changed.
Is a successful Gradle build enough?
No. A build can succeed while still containing debug flags, leaked keys, missing signing schemes, or broken runtime behavior.
Should checks be manual or automated?
Both. Manual review helps with context, but repeated checks should be automated or tool-assisted to avoid skipped steps.