Stay signed in between visits, a My location button that no longer covers the map zoom, and a security-hardened wave of fixes now on Google Play and the App Store
Platform / Product
You no longer have to sign in every time you open any of the RA Delivery apps: your session now persists securely and is restored automatically on launch, backed by rotating, revocable tokens. The My location button was moved clear of the map zoom controls per direct feedback, the website now keeps your cart across sign-in and never resurrects a paid cart, and a deep automated review plus an adversarial security pass fixed a set of issues across all four apps, the website, and the backend. New app versions are on Google Play and the App Store.
Stay signed in
- The customer, courier, merchant, and fleet apps now remember you between visits and restore your session automatically when you reopen them, instead of asking you to log in every time.
- Sessions are backed by rotating tokens stored in the device's secure keystore; they are revoked on logout, password change, and account closure, and reused-token theft is detected and shut down.
- If the network is down when you open the app, your saved session is kept for the next launch rather than being discarded.
- Verified end-to-end on a real Android device: log in, force-close the app, reopen - still signed in.
Map and interface polish
- The My location button was moved so it no longer sits on top of the map zoom controls.
- The website now keeps your cart and chosen delivery spot across sign-in and onboarding, shows a clear prompt when your session expires, and can no longer bring back a cart after a card payment already went through.
- Fleet and courier screens now show readable status labels, the fleet board refreshes on pull-down and on a timer, and login errors are shown clearly.
Security-hardened before publishing
An adversarial multi-agent review of the whole change set (independent reviewers plus two skeptics per finding) caught and fixed six higher-priority issues before release - including making sure a changed password fully revokes saved sign-ins, that a stranger cannot lock anyone else out of a shared demo login, and that a demo tool can never touch real orders.
All automated checks pass (type checks, 1561 backend and shared tests, linting, secret scan). All four Android apps were submitted to Google Play production and the iPhone customer app to the App Store.
Commit: b0937ea