Google's App Signing ToS is evil: https://play.google/play-app-signing-terms/

They make you upload your signing key so that they can inject arbitrary code into your app. For "security"