Our QA and testing .apks are signed with a key per build
For every .apk build we do a
keytool -genkey -v -keystore qa.keystore -storepass android -alias androidqakey -keypass android -keyalg RSA -keysize 2048 -validity 10000 -dname "CN=Android Tor QA,O=Tor,C=US"which
a) results in differences between the resulting .apk files defeating our reproducible builds goal and
b) results in a hassle testing those .apk files by trying to overwrite an older installation: the keys must be the same, otherwise the app would not get installed over the already available one.
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information