[CircleCI Security Alert] Rotate any secrets stored in CircleCI

I see there is no mention of what happens to users whose signing certificates for app stores were exposed. I have built a mobile app with CircleCI and signing keys were stored in environment variables, as I have presumed (naively) it’s a secure place to store them.
Now here is the pickle - signing certificates for apps, as far as I understand, are locked to a specific app. It’s not possible to change certificates without asking ALL the users to download a new app. Any suggestions on what to do in that case?