diff --git a/.github/workflows/frontend.yaml b/.github/workflows/frontend.yaml
index 3484a81..7ece636 100644
--- a/.github/workflows/frontend.yaml
+++ b/.github/workflows/frontend.yaml
@@ -82,16 +82,20 @@ jobs:
         working-directory: frontend
     steps:
       - uses: actions/checkout@v3
+
       - name: Set up Nodejs
         uses: actions/setup-node@v2
         with:
           node-version: "18"
           cache: "npm"
           cache-dependency-path: frontend/package-lock.json
+
       - name: Install dependencies
         run: npm ci
+
       - name: Setup Android SDK
         uses: android-actions/setup-android@v2
+
       - uses: actions/cache@v3
         with:
           path: |
@@ -100,12 +104,45 @@ jobs:
           key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
           restore-keys: |
             ${{ runner.os }}-gradle-
+
       - name: Setup Gradle
         uses: gradle/gradle-build-action@v2
-      - name: Build web app
-        run: npx nx build-android mobile
+
+      - name: Build App Bundle
+        run: npx nx build-android mobile --mode release
+
+      - name: Build App APK
+        run: npx nx build-android mobile --tasks assembleRelease
+
+      - name: Sign App Bundle
+        id: sign_app
+        uses: r0adkll/sign-android-release@v1
+        with:
+          releaseDirectory: frontend/apps/mobile/android/app/build/outputs/bundle/release
+          signingKeyBase64: ${{ secrets.ANDROID_SIGNING_KEY }}
+          alias: ${{ secrets.ANDROID_KEY_STORE_ALIAS }}
+          keyStorePassword: ${{ secrets.ANDROID_KEY_STORE_PASSWORD }}
+          keyPassword: ${{ secrets.ANDROID_KEY_PASSWORD }}
+
+      - name: Sign App APK
+        id: sign_app_apk
+        uses: r0adkll/sign-android-release@v1
+        with:
+          releaseDirectory: frontend/apps/mobile/android/app/build/outputs/apk/release
+          signingKeyBase64: ${{ secrets.ANDROID_SIGNING_KEY }}
+          alias: ${{ secrets.ANDROID_KEY_STORE_ALIAS }}
+          keyStorePassword: ${{ secrets.ANDROID_KEY_STORE_PASSWORD }}
+          keyPassword: ${{ secrets.ANDROID_KEY_PASSWORD }}
+
+      - name: Upload AAB
+        uses: actions/upload-artifact@v3
+        with:
+          name: app-release-aab
+          path: frontend/apps/mobile/android/app/build/outputs/bundle/release/app-release.aab
+
       - name: Upload APK
         uses: actions/upload-artifact@v3
         with:
-          name: app-debug-apk
-          path: apps/mobile/android/app/build/outputs/apk/debug/app-debug.apk
+          name: app-release-apk
+          path: frontend/apps/mobile/android/app/build/outputs/apk/release/app-release.apk
+
diff --git a/frontend/apps/mobile/android/app/build.gradle b/frontend/apps/mobile/android/app/build.gradle
index b807e19..0972bd5 100644
--- a/frontend/apps/mobile/android/app/build.gradle
+++ b/frontend/apps/mobile/android/app/build.gradle
@@ -93,6 +93,14 @@ android {
             keyAlias 'androiddebugkey'
             keyPassword 'android'
         }
+        release {
+            if (project.hasProperty('ABRECHNUNG_UPLOAD_STORE_FILE')) {
+                storeFile file(ABRECHNUNG_UPLOAD_STORE_FILE)
+                storePassword ABRECHNUNG_UPLOAD_STORE_PASSWORD
+                keyAlias ABRECHNUNG_UPLOAD_KEY_ALIAS
+                keyPassword ABRECHNUNG_UPLOAD_KEY_PASSWORD
+            }
+        }
     }
     buildTypes {
         debug {
@@ -101,7 +109,9 @@ android {
         release {
             // Caution! In production, you need to generate your own keystore file.
             // see https://reactnative.dev/docs/signed-apk-android.
-            signingConfig signingConfigs.debug
+            if (project.hasProperty('ABRECHNUNG_UPLOAD_STORE_FILE')) {
+                signingConfig signingConfigs.release
+            }
             minifyEnabled enableProguardInReleaseBuilds
             proguardFiles getDefaultProguardFile("proguard-android.txt"), "proguard-rules.pro"