diff --git a/.gitea/workflows/android.yaml b/.gitea/workflows/android.yaml
index 03a0547..2d64c2a 100644
--- a/.gitea/workflows/android.yaml
+++ b/.gitea/workflows/android.yaml
@@ -58,24 +58,23 @@ jobs:
           # 1. Frontend mit Trunk bauen
           trunk build --release
 
-          # 2. Android Initialisieren falls nötig
-          if [ ! -d "src-tauri/gen/android" ]; then
-            cargo-tauri android init
-          fi
-
-          # 3. Android Build - Syntax mit explizitem true und release-forwarding
-          cargo-tauri android build --target aarch64 --apk true -- --release
+          # 2. Android Build - Exakt wie dein erfolgreicher lokaler Test
+          cargo-tauri android build --target aarch64 --apk
         env:
           JAVA_HOME: /usr/lib/jvm/java-17-openjdk-amd64
 
-      - name: Debug - List APK locations
-        run: |
-          echo "Suche nach erzeugten APKs..."
-          find . -name "*.apk"
+      - name: Sign APK
+        uses: r0adkall/sign-android-release@v1
+        id: sign_app
+        with:
+          releaseDirectory: src-tauri/gen/android/app/build/outputs/apk/universal/release
+          signingKeyBase64: ${{ secrets.ANDROID_KEYSTORE_BASE64 }}
+          alias: ${{ secrets.ANDROID_KEY_ALIAS }}
+          keyStorePassword: ${{ secrets.ANDROID_KEYSTORE_PASSWORD }}
+          keyPassword: ${{ secrets.ANDROID_KEY_PASSWORD }}
 
-      - name: Upload APK Artifact
+      - name: Upload Signed APK
         uses: actions/upload-artifact@v3
         with:
-          name: Xiaomi-App
-          # Wir nutzen weiterhin das rekursive Pattern für maximale Sicherheit
-          path: src-tauri/gen/android/app/build/outputs/apk/**/*.apk
+          name: Marstemedia-Signed
+          path: ${{ steps.sign_app.outputs.signedReleaseFile }}
diff --git a/.gitignore b/.gitignore
index b71685a..a774b6c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,3 +2,4 @@
 /target/
 /Cargo.lock
 /.jj/
+my-release-key.keystore