I'm particularly disappointed to hear that Google doesn't provide any way to rotate the signing key for an app.
Is there an issue for that file with them anywhere, or more discussion?
Some day, I hope reputable services have migrated to The Update Framework, which has been pointing out and solving these and other problems related to software updates for several years now.
Actually, a quick search leads to this - is it indeed possible to rotate your key, at least for Android's Pie version?
Edit: https://developer.android.com/studio/publish/app-signing#app... is the type of key rotation i was talking about here.