konklone / congress-android

Congress for Android, an app for tracking Congress.
https://play.google.com/store/apps/details?id=com.sunlightlabs.android.congress

Consider using Google Play App Signing #670

Open konklone opened 7 years ago

konklone commented 7 years ago

This would have me upload my signing key and keystore to Google for them to protect: https://developer.android.com/studio/publish/app-signing.html#google-play-app-signing

I would use a new "upload key" to sign releases, which could be rotated if it was ever lost or compromised.

While this wouldn't be appropriate for apps with distinct threat models (e.g. Signal), this might make sense for an app like this one, and reduce some of the drive-by security threats I and the app might face.