16-1 · Chapter 16 · 5 min read

What Changes When You Ship a Mobile App

If you've spent years shipping web applications, mobile delivery feels like stepping into a different world. With a web app, you build, upload to a

What Changes When You Ship a Mobile App

If you've spent years shipping web applications, mobile delivery feels like stepping into a different world. With a web app, you build, upload to a server, and you're done. Users refresh their browser, and they see the latest version. You control everything: the server, the infrastructure, the timing of the release.

Mobile apps don't work that way. And the differences run deep enough that your entire CI/CD pipeline needs to change.

The App Lives on Someone Else's Device

The first and most fundamental difference is where the application actually runs. A mobile app doesn't live on a server you manage. It lives on a device in someone's pocket. You can't swap out files on a server. You can't push a hotfix and have it take effect immediately.

Every time you want to ship a new version, you have to rebuild the application, sign it digitally, and submit it to an app store. Then the user has to download and install the update themselves. Some users will update right away. Others will ignore the notification for weeks. A few will never update at all.

This changes how you think about delivery. You can't assume everyone is on the latest version. You can't fix a critical bug and have it reach all users within minutes. The control you had with web delivery is gone.

Two Platforms, Two Build Systems

Mobile delivery means dealing with multiple build systems. Android uses Gradle. iOS uses Xcode. Each has its own rules about SDK versions, dependencies, and output formats. You can't build an Android app on macOS and ship it to iOS users, or the other way around.

Your pipeline needs to handle two separate build paths. They can run in parallel or sequentially, depending on your setup, but they are never the same. The build configuration for Android lives in Gradle files. The build configuration for iOS lives in Xcode project files and schemes. The dependencies are managed differently. The signing process is completely different.

If you support both platforms, your CI/CD pipeline effectively becomes two pipelines that share some testing and notification logic but diverge at the build step.

Signing Is Not Optional

Before a mobile app can be installed on a user's device, it must be digitally signed. This signature proves the app came from you, not from someone pretending to be you. Android uses a keystore file. iOS uses certificates and provisioning profiles.

These are secret files. If they leak, someone else can publish apps that look like yours. If you lose them, you can never ship another update to your existing app on the Play Store or App Store. There is no recovery. You would have to create a new app listing and lose all your existing users.

In your pipeline, these files must be stored securely. Never hardcode them in your repository. Never commit them to version control. Use a secrets manager, encrypted storage in your CI system, or a dedicated signing service. The pipeline should only access these files during the signing step and nowhere else.

The Store Controls Your Release Timing

You cannot just send an APK or IPA file to users. The app must go through an app store. Google Play Store and Apple App Store both have review processes. Google Play usually reviews within hours. Apple's review can take longer and is often more strict.

This means the time between when your build finishes and when users start using the new version is not under your control. A third party decides when your app goes live. If they reject your submission, you have to fix the issue, rebuild, and resubmit. The clock resets.

This also affects your rollback strategy. On the web, rolling back means deploying the previous version. On mobile, you cannot force users to revert. Users who already updated will stay on the broken version until you ship a fix. And that fix has to go through review again.

Staged Rollouts Become Essential

Because you can't roll back easily, you need to be careful about how you release. Both Android and iOS support gradual rollouts. Android calls it staged rollout. iOS calls it phased release.

The idea is simple: you release the new version to a small percentage of users first. Maybe 1% or 5%. You monitor crash reports, error rates, and user feedback. If everything looks good, you expand the rollout to 10%, then 25%, then 50%, then 100%. If something goes wrong, you pause the rollout. Only the small group of users who already received the update are affected.

This is not optional for serious mobile delivery. It is the primary way to reduce risk when you cannot instantly roll back.

What This Means for Your Pipeline

All these differences add up to a CI/CD pipeline that looks very different from a web pipeline. Your mobile pipeline must handle:

The following flowchart shows the two paths side by side, highlighting where mobile adds extra gates.

flowchart TD subgraph Web W1[Build] --> W2[Upload to server] W2 --> W3[Users refresh browser] end subgraph Mobile M1[Build] --> M2[Sign app] M2 --> M3[Submit to store] M3 --> M4[Store review] M4 --> M5[User downloads update] end W1 -.-> M1

Platform-specific builds with different toolchains
Secure signing with secrets that must never leak
Upload to app stores with automated submission
Staged rollout strategies that can be paused or expanded

You also need to think about testing differently. Emulators and simulators can catch many issues, but they are not perfect. Some bugs only appear on real devices with specific hardware, sensors, or network conditions. Your pipeline should include both automated testing on virtual devices and a process for testing on physical devices before full release.

A Quick Checklist for Mobile CI/CD

Store signing keys and certificates in a secure secrets manager, not in your repository
Set up separate build jobs for Android and iOS with their respective toolchains
Automate upload to Google Play Console and App Store Connect
Implement staged rollout or phased release in your pipeline
Add crash reporting and monitoring that triggers alerts during gradual rollout
Test on both emulators and real devices before expanding release percentage

The Takeaway

Mobile delivery is not web delivery with a different build step. The app lives on devices you don't control. The store controls your release timing. Rollback is not a button you press. Your CI/CD pipeline must account for these realities from the start. Build for the platform, sign securely, release gradually, and monitor relentlessly. That is the only way to ship mobile apps without waking up to a production incident you cannot fix until the next review cycle.