GitLab

For every .apk build we do a

keytool -genkey -v -keystore qa.keystore -storepass android -alias androidqakey -keypass android -keyalg RSA -keysize 2048 -validity 10000 -dname "CN=Android Tor QA,O=Tor,C=US"

which

a) results in differences between the resulting .apk files defeating our reproducible builds goal and

b) results in a hassle testing those .apk files by trying to overwrite an older installation: the keys must be the same, otherwise the app would not get installed over the already available one.