Uh-oh. Dear #Android #app #developers – please do NOT sign your APKs-for-distribution using debug keys. Especially not with expired ones (debug keys usually expire after 365 days AFAIK)!
And who by Goofy had the idea to make it possible using such debug keys to sign release APKs, so they not even raise the "android:debuggable" flag? That's how they were not noticed when I added them (proper checks in place now to stop that).
Having to go for a cleanup in my repo now…
gitlab.com/IzzyOnDroid/repo/-/…
scan existing APKs for use of debug keys (#477) · Issues · IzzyOnDroid / repo · GitLab
once #475 has been completed, existing APKs should be scanned for...GitLab