DuncanCoffee a day ago

Yeah I sign my project APKs so people can install them from the action's artefact

  # Step as intended: `run` is a sibling of `env`, not nested under it
  # (the posted snippet had `run:` indented beneath `env:`, which is not a valid step).
  - name: Retrieve keystore for apk signing
    env:
      KEYSTORE: ${{ secrets.KEYSTORE }}
    # Decodes the base64 secret and writes the raw keystore to the runner's disk.
    run: echo "$KEYSTORE" | base64 --decode > /home/runner/work/keystore.pfk
amluto an hour ago

Exactly. This workflow step takes a rather important secret and sticks it on a VM where any insufficiently sandboxed step before or after it can exfiltrate it.

GitHub should instead let you store that key as a different type of secret such that a specific workflow step can sign with it. Then a compromised runner VM could possibly sign something that shouldn’t be signed but could not exfiltrate it.

Even better would be to be able to have a policy that the only thing that can be signed is something with a version that matches the immutable release that’s being built.
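An added example, not code from either poster or from GitHub, of the "signing oracle with a release policy" design the reply above sketches. It assumes the oracle runs somewhere the runner cannot read (a separate host, HSM or KMS); HMAC-SHA256 stands in for the real APK signature scheme, and the artifact is a constructed JSON-manifest-plus-payload blob rather than a real APK. The runner step only ever holds a handle to `sign()`, and the oracle derives the version from the artifact itself rather than trusting a caller-supplied value, so a compromised step can neither exfiltrate the key nor get a signature on anything but the release being built.

```python
"""Signing oracle bound to one immutable release (added example, not the
original poster's workflow nor any GitHub feature). HMAC-SHA256 is a
stand-in for APK signing; the artifact format is constructed for the demo."""
import hashlib
import hmac
import json
from dataclasses import dataclass


@dataclass(frozen=True)
class ReleasePolicy:
    # Tag of the immutable release this build is allowed to sign for.
    release_tag: str
    # Workflow run that is building that release; any other run is refused.
    run_id: str


class SigningOracle:
    """Holds the key and exposes only sign()/verify(). Nothing here returns
    or serialises the key, so a runner step with a handle to this object can
    request signatures but cannot copy the keystore."""

    def __init__(self, key: bytes, policy: ReleasePolicy):
        self._key = key
        self._policy = policy

    @staticmethod
    def _manifest_version(artifact: bytes) -> str:
        # Read the version out of the artifact, never from an argument the
        # runner could lie about. Real code would parse AndroidManifest.xml
        # (assumption); here the manifest is the first JSON line.
        manifest = json.loads(artifact.split(b"\n", 1)[0])
        return manifest["versionName"]

    def _message(self, artifact: bytes) -> bytes:
        # Bind the version into the signed message so a signature over one
        # version cannot be reused on a relabelled artifact.
        digest = hashlib.sha256(artifact).digest()
        return self._manifest_version(artifact).encode() + b"\0" + digest

    def sign(self, artifact: bytes, run_id: str) -> bytes:
        if run_id != self._policy.run_id:
            raise PermissionError("request is not from the release build run")
        version = self._manifest_version(artifact)
        if version != self._policy.release_tag:
            raise PermissionError(
                f"refusing to sign versionName {version!r}; "
                f"release being built is {self._policy.release_tag!r}"
            )
        return hmac.new(self._key, self._message(artifact), hashlib.sha256).digest()

    def verify(self, artifact: bytes, signature: bytes) -> bool:
        expected = hmac.new(self._key, self._message(artifact), hashlib.sha256).digest()
        return hmac.compare_digest(expected, signature)


def make_artifact(package: str, version: str, payload: bytes) -> bytes:
    # Constructed stand-in for an APK: one JSON manifest line, then the payload.
    manifest = json.dumps({"package": package, "versionName": version})
    return manifest.encode() + b"\n" + payload


def release_build(oracle: SigningOracle, run_id: str) -> bytes:
    # What the workflow step does: build the artifact, then ask the oracle
    # for a signature. The step never sees the keystore bytes.
    apk = make_artifact("com.example.app", "1.4.0", b"<dex and resources>")
    return oracle.sign(apk, run_id)


if __name__ == "__main__":
    # Key and ids are constructed demo values.
    oracle = SigningOracle(b"\x11" * 32, ReleasePolicy("1.4.0", "run-42"))
    sig = release_build(oracle, "run-42")
    print("release build signed:", sig.hex())
    for apk, run in (
        (make_artifact("com.example.app", "1.3.9", b"old build"), "run-42"),
        (make_artifact("com.example.app", "1.4.0", b"rogue build"), "run-7"),
    ):
        try:
            oracle.sign(apk, run)
        except PermissionError as err:
            print("refused:", err)
```

The two refusals at the bottom are the cases the reply is worried about: a step on the same runner trying to sign an artifact whose version does not match the release tag, and a request arriving from some other workflow run. Neither path yields the key, and `verify()` fails for an artifact whose manifest has been edited after signing because the version is part of the signed message.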