Skip to content

Commit 230195f

Browse files
authored
Merge branch 'main' into codexd/448-play-listing-graphics
2 parents 50d52ba + cd49f7e commit 230195f

16 files changed

Lines changed: 1098 additions & 20 deletions

docs/Android-Release-Configuration.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,7 @@ Android release builds must include the production Firebase client config so Fir
66

77
- `ANDROID_GOOGLE_SERVICES_JSON_B64`: base64-encoded contents of the production Android `google-services.json` for Firebase project `ontime-c63f1`.
88

9-
The release verification workflow decodes this secret to `android/app/src/release/google-services.json` before running the Android release build. Generated `google-services.json` files are ignored and must not be committed.
9+
The Android Play Internal Deploy workflow decodes this secret to `android/app/src/release/google-services.json` before running the Android release build. Generated `google-services.json` files are ignored and must not be committed.
1010

1111
The decoded file must include an Android client whose package name is `club.devkor.ontime`. Gradle validates this package match for release builds and through the focused validation task below.
1212

@@ -90,4 +90,4 @@ Release SHA-1 and SHA-256 fingerprints must be added to Firebase after the relea
9090

9191
## Verification
9292

93-
Use the `Android Release Verification` GitHub Actions workflow to confirm CI can reproduce the release build with the configured secret. For production readiness, also install a real Android release build and verify Firebase initializes and FCM token registration reaches the backend.
93+
Use the `Android Play Internal Deploy` GitHub Actions workflow to confirm CI can reproduce the signed release build with the configured secrets. For production readiness, also install a real Android release build and verify Firebase initializes and FCM token registration reaches the backend.

docs/Android-Signing-Setup.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -76,8 +76,8 @@ The Gradle build also accepts the legacy `ONTIME_ANDROID_KEYSTORE_PATH`,
7676
## Configure CI Release Signing
7777

7878
For GitHub Actions deploys, base64-encode the upload keystore and store it as
79-
the `ANDROID_UPLOAD_KEYSTORE_B64` secret in the protected `release`
80-
environment:
79+
the `ANDROID_UPLOAD_KEYSTORE_B64` secret in the protected `staging`
80+
environment used by the Android Play Internal Deploy workflow:
8181

8282
```sh
8383
base64 -i ~/secure/ontime-upload.jks | pbcopy

docs/Google-Play-Data-Safety.md

Lines changed: 119 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,119 @@
1+
# Google Play Data Safety Worksheet
2+
3+
This worksheet advances release issue #441 under parent track #464. It is not a
4+
final Google Play declaration and must not be pasted into Play Console until the
5+
open prerequisites below are resolved.
6+
7+
## Status
8+
9+
Current status: externally blocked.
10+
11+
Blocking prerequisites:
12+
13+
| Input | Source issue | Status on 2026-05-10 | Why it blocks submission |
14+
| --- | --- | --- | --- |
15+
| Approved privacy policy text | #434 | Open, manual | Google Play requires a privacy policy and the Data safety answers must match it. |
16+
| Backend deletion and retention truth | #439 | Open, manual/backend | Data deletion support, retention exceptions, and associated data deletion are server-side facts. |
17+
| External account deletion request URL | #440 | Open, manual | Play requires an outside-app deletion path for apps with accounts. |
18+
| Manifest permission audit | #442 | Closed | Evidence is available in `docs/Android-Manifest-Permissions.md`. |
19+
| Final release SDK/provider set | #441 prerequisite | Pending owner confirmation | SDK data collection must match the shipped release build. |
20+
21+
Google's current guidance says developers are responsible for complete and
22+
accurate declarations, including data handled by third-party SDKs, and should
23+
review app permissions, APIs, SDK behavior, privacy policy, encryption, sharing,
24+
and deletion practices before submitting the form:
25+
26+
- https://support.google.com/googleplay/android-developer/answer/10787469
27+
- https://developers.google.com/android/guides/play-data-disclosure
28+
- https://firebase.google.com/docs/android/play-data-disclosure
29+
30+
## Source Evidence Reviewed
31+
32+
Repo evidence reviewed for this worksheet:
33+
34+
- `pubspec.yaml`
35+
- `lib/core/constants/endpoint.dart`
36+
- `lib/data/data_sources/authentication_remote_data_source.dart`
37+
- `lib/data/data_sources/schedule_remote_data_source.dart`
38+
- `lib/data/data_sources/preparation_remote_data_source.dart`
39+
- `lib/data/data_sources/alarm_remote_data_source.dart`
40+
- `lib/data/data_sources/notification_remote_data_source.dart`
41+
- `lib/data/data_sources/token_local_data_source.dart`
42+
- `lib/data/repositories/user_repository_impl.dart`
43+
- `lib/domain/entities/user_entity.dart`
44+
- `lib/domain/entities/schedule_entity.dart`
45+
- `lib/domain/entities/place_entity.dart`
46+
- `lib/domain/entities/alarm_entities.dart`
47+
- `docs/Android-Manifest-Permissions.md`
48+
- `docs/Release-Checklist.md`
49+
50+
## Current App Data Flow Inventory
51+
52+
This table maps current source evidence to likely Google Play Data safety review
53+
areas. Final categories, required or optional status, purposes, sharing, and
54+
deletion support must be approved by the release owner.
55+
56+
| Data flow | Current source evidence | Likely form area | Current confidence |
57+
| --- | --- | --- | --- |
58+
| Account sign-up and sign-in | Normal auth sends email, password, and name to `/login` and `/sign-up`; user responses include id, email, name, spare time, note, score. | Personal info, account management, app functionality | Source-backed, backend retention pending |
59+
| Google sign-in | Google auth requests `email` and `profile` scopes and sends an ID token to `/oauth2/google/login`. | Personal info and identifiers handled through Google sign-in | Source-backed, final provider set pending |
60+
| Apple sign-in | Apple auth requests email and full name scopes and sends ID token, auth code, full name, and optional email to `/oauth2/apple/login`. | Personal info and identifiers handled through Apple sign-in | Source-backed, final provider set pending |
61+
| Auth tokens | Access and refresh tokens are stored in `flutter_secure_storage` and sent as bearer authorization headers. | Security credential handling, not a Play user-facing data category by itself unless policy owner maps it | Source-backed, policy mapping pending |
62+
| Schedules | Schedule create/update sends schedule id, place id, place name, schedule name, schedule time, move time, spare time, started/change flags, and schedule note. | App activity, user-generated content, possible location/place information | Source-backed, final category mapping pending |
63+
| Preparation steps and spare time | Default and schedule preparation APIs send preparation ids, names, durations, ordering links, spare time, and note. | App activity or user-generated content | Source-backed, final category mapping pending |
64+
| Feedback and deletion feedback | Feedback endpoints send generated feedback id and free-text message; deletion can include optional feedback. | App activity or user-generated content, depending on final policy wording | Source-backed, backend retention pending |
65+
| Push notification registration | FCM token registration sends `firebaseToken` and app-generated `deviceId` to `/firebase-token`. | Device or other identifiers, app functionality | Source-backed, SDK disclosure pending |
66+
| Alarm device registration | Current device registration sends app-generated device id, platform, app version, OS version, native alarm support, and alarm providers. | Device or other identifiers, app info and performance | Source-backed, backend retention pending |
67+
| Alarm status reporting | Alarm status reports send device id, reconciliation timestamps, schedule window, coverage window, alarm provider, status, permission issue, armed schedule ids, skipped count, and failures. | App info and performance, diagnostics, device or other identifiers | Source-backed, backend retention pending |
68+
| Local alarm registry | Scheduled alarm records are stored locally with schedule id, alarm time, preparation start time, fingerprint, notification ids, provider, schedule title, and payload. | On-device storage; disclose only if transmitted or shared elsewhere | Source-backed |
69+
| Android permissions | Release manifest includes notification, exact alarm, full-screen intent, boot restore, vibration, and dependency-owned network/Firebase/sign-in permissions. It does not include location, contacts, camera, microphone, phone, SMS, storage, calendar, nearby-device, or Bluetooth permissions. | Permission/API evidence for form consistency | Source-backed by #442 |
70+
| Firebase Cloud Messaging SDK | The app uses `firebase_core` and `firebase_messaging`. Firebase documentation says Cloud Messaging collects app version automatically and depends on Firebase Installations; FID and Firebase user agent handling must be considered. | SDK-collected data, device or other identifiers, app info and performance | Source-backed dependency, final SDK review pending |
71+
| Google Play services core SDKs | Google Play services base/basement/tasks may be present through dependencies. Google's disclosure page says the listed core SDKs do not collect end-user data, but app owners remain responsible for the overall disclosure. | SDK review | Dependency review pending |
72+
73+
## Answers That Must Stay Pending
74+
75+
Do not finalize these fields until the owners listed below provide the missing
76+
facts.
77+
78+
| Field or decision | Required owner input |
79+
| --- | --- |
80+
| Whether each collected data type is required or optional | Product owner and source review. |
81+
| Whether any data is shared outside service-provider processing | Backend owner, Firebase/Google configuration owner, and privacy owner. |
82+
| Backend retention period for accounts, schedules, preparations, feedback, FCM tokens, device registrations, alarm status, and logs | Backend owner. |
83+
| Whether deletion requests delete or anonymize each associated data type, and within what time window | Backend owner and privacy owner. |
84+
| Whether any data is retained for legal compliance, security, abuse prevention, or operations | Backend owner and legal/product owner. |
85+
| Final privacy policy URL and exact text | Product/legal owner and #434/#435. |
86+
| External account deletion request URL and page content | Web/backend owner and #440. |
87+
| Final active auth providers for Android release | Release owner. Current source supports normal, Google, and Apple paths; Kakao dependencies are present but no active release flow was found in the checked auth path. |
88+
| Firebase optional exports such as FCM delivery metrics to BigQuery or Analytics-linked notification interaction events | Firebase project owner. No Analytics dependency was found in `pubspec.yaml`, but console settings must still be checked. |
89+
| Play Console submission | Play Console owner. |
90+
91+
## Pre-Submission Checklist
92+
93+
1. Confirm the release build's exact dependency set and SDK configuration.
94+
2. Re-run the source audit after final release branch changes.
95+
3. Confirm backend deletion and retention behavior for normal, Google, and Apple
96+
account paths.
97+
4. Approve the privacy policy and verify every declared data type appears in it.
98+
5. Verify the public privacy policy URL works without login and is the same URL
99+
used in app and Play Console.
100+
6. Verify the public account deletion URL works without installing or opening
101+
the app and explains deleted and retained data.
102+
7. Enter the Data safety form in Play Console from this worksheet plus approved
103+
owner answers.
104+
8. Save the final submitted answers back into release documentation, replacing
105+
or appending to this worksheet.
106+
107+
## Suggested Final Documentation Template
108+
109+
After Play Console submission, append a section named `Submitted Answers` with:
110+
111+
- Submission date and Play Console owner.
112+
- Privacy policy URL.
113+
- Account deletion URL.
114+
- Data types declared as collected.
115+
- Data types declared as shared, if any.
116+
- Purpose, required/optional status, and deletion support for each data type.
117+
- Encryption in transit answer.
118+
- Any retained data exceptions and retention period.
119+
- Evidence screenshots or links stored outside git, if applicable.
Lines changed: 93 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,93 @@
1+
# Google Play Release Screenshots
2+
3+
Use this checklist to capture the Play Store screenshots for issue #449. The
4+
final screenshots must come from a release-like app build on a real device or
5+
release-equivalent emulator; do not use mock-only screens, Widgetbook states, or
6+
debug-only data.
7+
8+
Last checked against Google Play Console Help on 2026-05-10:
9+
10+
- [Add preview assets to showcase your app](https://support.google.com/googleplay/android-developer/answer/9866151?hl=en-EN)
11+
- [Store listing practices](https://support.google.com/googleplay/android-developer/answer/13393723?hl=en)
12+
13+
## Capture Setup
14+
15+
- Build and install the release candidate that will be submitted, or an
16+
equivalent signed build from the same commit and environment.
17+
- Use the shipped localization that the screenshot will represent. If the
18+
listing has Korean and English localized screenshots, capture each language
19+
separately.
20+
- Use realistic but non-sensitive sample data. Do not show personal names,
21+
private addresses, phone numbers, access tokens, backend IDs, or real user
22+
accounts.
23+
- Clear unrelated system notifications before capture. Keep the device status
24+
bar clean and plausible.
25+
- Keep the app name, icon, and visible copy consistent with `OnTime` and
26+
`docs/Google-Play-Listing-Copy.md`.
27+
28+
## Play Asset Constraints
29+
30+
Confirm current Play Console requirements again at upload time. As of the last
31+
check above, screenshots must satisfy:
32+
33+
- At least 2 screenshots across device types are required to publish the store
34+
listing.
35+
- Up to 8 screenshots can be uploaded for each supported device type.
36+
- Accepted formats are JPEG or 24-bit PNG with no alpha channel.
37+
- Each screenshot must have a minimum dimension of 320 px and a maximum
38+
dimension of 3840 px.
39+
- The longest side cannot be more than twice the shortest side.
40+
- For app recommendation eligibility, provide at least 4 app screenshots at
41+
minimum 1080 px resolution. Portrait screenshots should be 9:16, with
42+
1080 x 1920 px or higher.
43+
44+
## Required Capture Set
45+
46+
Capture at least these five app states. If the Play Console or product/design
47+
owner wants fewer uploads, keep these as the source set and select the best
48+
ordered subset after review.
49+
50+
| Order | App state | Route or flow | Capture requirements |
51+
| --- | --- | --- | --- |
52+
| 1 | Onboarding or permission request | `/onboarding/start`, `/onboarding`, or `/allowNotification` | Show the actual first-run setup or notification permission explanation. The text must match shipped localization. |
53+
| 2 | Schedule creation | `/scheduleCreate` | Show a realistic appointment being created with date, time, place, travel time, spare time, and preparation steps where possible. |
54+
| 3 | Alarm and preparation flow | `/scheduleStart` and `/alarmScreen` | Show the early-start prompt or active preparation checklist/timer for a real schedule. Do not fake alarm state with debug-only overlays. |
55+
| 4 | Calendar or Home | `/home` or `/calendar` | Show upcoming schedules on Home or the monthly calendar with realistic non-sensitive schedule names. |
56+
| 5 | My Page and account controls | `/myPage` | Show account/settings controls, including notification or default preparation settings if available. Avoid exposing a real email address. |
57+
58+
Optional additional screenshots:
59+
60+
- Preparation completion or early/late result at `/earlyLate`.
61+
- Default preparation and spare time settings at
62+
`/defaultPreparationSpareTimeEdit`.
63+
- Schedule edit flow at `/scheduleEdit/:scheduleId`.
64+
65+
## Quality Review
66+
67+
- Confirm every screenshot reflects the release candidate behavior.
68+
- Confirm text, dates, and labels match the shipped localization.
69+
- Confirm screenshots do not imply unsupported sharing, collaboration,
70+
location-tracking, map navigation, or other features not present in the app.
71+
- Confirm screenshots do not contain debugging UI, emulator overlays, test
72+
banners, unfinished placeholders, or mock-only copy.
73+
- Confirm image dimensions and file formats are accepted by Play Console before
74+
marking issue #449 complete.
75+
- Record the build commit, build variant, device model, OS version, locale,
76+
screenshot filenames, and reviewer in the evidence log below.
77+
78+
## Evidence Log
79+
80+
Complete this table when screenshots are captured.
81+
82+
| Field | Value |
83+
| --- | --- |
84+
| Build commit | |
85+
| Build variant | |
86+
| Device or emulator | |
87+
| Android version | |
88+
| Locale(s) | |
89+
| Screenshot filenames | |
90+
| Dimension check result | |
91+
| Product/design reviewer | |
92+
| Play Console upload result | |
93+
| Notes or follow-up issues | |

docs/Home.md

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -8,10 +8,16 @@ Welcome to the OnTime-front project documentation! This wiki contains everything
88
- [Wiki Management Guide](./Wiki-Management.md) - How to modify and upload wiki content
99
- [Project Architecture](./Architecture.md) - Understanding the project structure
1010
- [Git Workflow](./Git.md) - Git strategy and commit message formats
11+
- [Release Checklist](./Release-Checklist.md) - Reusable release gates,
12+
verification commands, store checks, and rollout handoff
1113
- [Android Release Signing](./Android-Release-Signing.md) - Required keystore inputs and release signing validation
14+
- [Android Release Configuration](./Android-Release-Configuration.md) - Firebase config, signed AAB workflow, and Play internal deploy setup
1215
- [iOS Release Configuration](./iOS-Release-Configuration.md) - Required Dart defines and archive validation
16+
- [Google Play Data Safety Worksheet](./Google-Play-Data-Safety.md) - Source-backed Data safety evidence and pending owner inputs
17+
- [Play Pre-Launch Report](./Play-Pre-Launch-Report.md) - Google Play report runbook, triage gate, and evidence template
1318
- [Release Rollout Monitoring](./Release-Rollout-Monitoring.md) - Release ownership, staged rollout gates, and post-launch monitoring
1419
- [Play Review Rejection Playbook](./Play-Review-Rejection-Playbook.md) - How to triage, fix, resubmit, or appeal Google Play review rejections
20+
- [Google Play Release Screenshots](./Google-Play-Release-Screenshots.md) - Capture checklist and evidence log for real release screenshots
1521

1622
### Technical Deep Dives
1723
- [Error Handling System](./Error-Handling-Result-System.md) - Result-based error handling architecture

0 commit comments

Comments
 (0)