Android distribution surface and verified release paths
SecPal's public Android rollout is now easier to understand for end users and easier to integrate for operators: the public download surface is simplified, the machine-readable release paths are explicit, and the signing identity is published for verification.
What shipped
- Simplified Android distribution surface on
secpal.app/android: Play Store remains the primary call to action, while direct download and beta are now presented as explicit upcoming channels with their machine-readable manifests linked from the same public page. - Canonical release-track contract for Android artifacts and metadata:
stableis the default public release path,betaremains the optional preview track, and the stable alias now resolves through the same canonical manifest structure as the explicit track endpoints. - Published app-signing fingerprint across the Android distribution surface and latest metadata, so operators can pin the intended signing identity before the direct APK delivery path goes live.
- Versioned Android release metadata and artifact paths on
apk.secpal.appremain available for automation and verification, while the deeper machine-readable endpoints are now clearly secondary to the primary end-user download flow.
Android distribution is no longer just technically correct; it is now understandable for end users, predictable for deployment automation, and clearer about which public install paths are already live versus still being prepared.
