I am the developer of the controversial bus app

2019-02-09 이도

https://www.clien.net/service/board/park/13142907

A Korean Android app developer described a compromise in which an attacker took over the developer's Google account, accessed Bitbucket through that login, and obtained source code. The attacker was able to distribute a malicious APK because the Android Studio build configuration had stored the signing certificate password in `build.gradle`, exposing the credential needed for release builds. The developer said the malicious version added repository read/write-related permissions, was discovered after contact from cyber police, and did not spread broadly through auto-update because the permission change blocked automatic updating. The account and infected release were remediated with two-factor authentication, removal of the malicious app version, re-release from a new clean account, and forensic handling of a compromised Windows development machine. No specific threat actor attribution is supported by the excerpt.
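A pre-commit or CI check for the `build.gradle` mistake described above, as an added example that is not code from the original post. The function name, the sample build file, its passwords and the environment variable names are constructed for illustration.

```python
import re

# A signing password given as a quoted literal, in Groovy DSL
# (`storePassword "x"`, `keyPassword = 'x'`) or Kotlin DSL (`storePassword = "x"`).
LITERAL_ASSIGN = re.compile(
    r'''^\s*(storePassword|keyPassword)\b\s*=?\s*\(?\s*(["'])(.+?)\2\s*\)?\s*(//.*)?$'''
)

def find_hardcoded_signing_secrets(gradle_text):
    """Return [(line_number, key)] for signing passwords stored as literals."""
    findings = []
    for lineno, line in enumerate(gradle_text.splitlines(), start=1):
        m = LITERAL_ASSIGN.match(line)
        if not m:
            continue  # not a signing password, commented out, or an expression
        key, quote, value = m.group(1), m.group(2), m.group(3)
        # "${...}" in a double-quoted Groovy/Kotlin string is interpolation,
        # so the secret itself is not in the file.
        if quote == '"' and "$" in value:
            continue
        findings.append((lineno, key))
    return findings

# Constructed build.gradle: `release` repeats the mistake described above,
# `hardened` reads the values from outside the repository (assumed names).
SAMPLE_BUILD_GRADLE = """\
android {
    signingConfigs {
        release {
            storeFile file("release.jks")
            storePassword "example-store-pass"   // constructed value
            keyAlias "release"
            keyPassword = 'example-key-pass'
        }
        hardened {
            storeFile file(System.getenv("KEYSTORE_PATH"))
            storePassword System.getenv("KEYSTORE_PASSWORD")
            keyAlias "release"
            keyPassword keystoreProps['keyPassword']
        }
    }
}
"""

if __name__ == "__main__":
    for lineno, key in find_hardcoded_signing_secrets(SAMPLE_BUILD_GRADLE):
        print(f"build.gradle:{lineno}: {key} is a hardcoded literal")
```

A finding means the password should be moved out of version control and, if the file was ever pushed, the signing credential treated as exposed.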
