DDM Play Store Cold Audit
Audit target: DDM-final-release.apk · Audited June 9, 2026
Release blockers (must fix before Play Store)
| Issue | Status | Fix |
|---|---|---|
Package name is com.example.ddm | BLOCKER | Rebuild Flutter app as live.vyreai.ddm or com.vyreai.ddm |
| Legal hub URL must be live | FIXED | Hosted at /ddm/legal/ |
| Privacy policy URL required | FIXED | /ddm/legal/privacy.html |
| Account/data deletion path | VERIFY | Confirm in-app delete-local-data flow + Play Console Data Safety form |
Version 0.1.0 | CHANGE | Ship first Play build as 1.0.0 or higher |
Permissions review
| Permission | Verdict | Notes |
|---|---|---|
| INTERNET | OK | Hub relay + optional sync |
| ACCESS_NETWORK_STATE | OK | Lane selection |
| CAMERA | OK | QR trust pairing — declare in Data Safety |
| RECORD_AUDIO | JUSTIFY | Only for optional AI lane; document clearly in listing |
| READ_MEDIA_IMAGES | JUSTIFY | Needed only if image attach/profile flows use it |
| READ_EXTERNAL_STORAGE | REMOVE IF POSSIBLE | Legacy; prefer scoped storage on Android 13+ |
Hub relay readiness
| Item | Status |
|---|---|
| Zero-knowledge relay protocol | Implemented server-side |
| Public hub legal language | In Terms + Hub Agreement |
| Flutter client integration | Needs source rebuild — see ddm/hub_client.dart |
| Device-as-hub background service | Needs Android foreground service + battery controls in app source |
Play Console checklist
- App content: messaging, user-generated content, encryption declaration
- Data Safety: local storage, encrypted relay metadata, no message-content collection
- Target API 34+ (APK already targets 36)
- Store listing screenshots + short/long description
- Support email and privacy policy URL