diff --git a/contrib/android/Dockerfile b/contrib/android/Dockerfile
index 604a1c3c3..59c616e63 100644
--- a/contrib/android/Dockerfile
+++ b/contrib/android/Dockerfile
@@ -190,7 +190,7 @@ RUN cd /opt \
     && /opt/venv/bin/python3 -m pip install --no-build-isolation --no-dependencies -e .
 
 # install python-for-android
-ENV P4A_CHECKOUT_COMMIT="7197c1c28409fbeebd8494093349a2bfd770526a"
+ENV P4A_CHECKOUT_COMMIT="d4432ec8d07b8521465d6daddd55046fc0413599"
 # ^ from branch electrum_20240930 (note: careful with force-pushing! see #8162)
 RUN cd /opt \
     && git clone https://github.com/spesmilo/python-for-android \
diff --git a/contrib/android/apkdiff.py b/contrib/android/apkdiff.py
index 09ac241c0..da050f62d 100755
--- a/contrib/android/apkdiff.py
+++ b/contrib/android/apkdiff.py
@@ -4,6 +4,14 @@ import sys
 from zipfile import ZipFile
 
 
+
+# FIXME it is possible to hide data in the apk signing block - and then the application
+# can introspect itself at runtime and access that, even execute it as code... :/
+# see https://source.android.com/docs/security/features/apksigning/v2#apk-signing-block
+# https://android.izzysoft.de/articles/named/iod-scan-apkchecks
+# https://github.com/obfusk/sigblock-code-poc
+# I think if the app did this kind of introspection, that should be caught by code review,
+# but still, note that with this current diff script it is possible to smuggle data in the apk.
 class ApkDiff:
     IGNORE_FILES = ["META-INF/MANIFEST.MF", "META-INF/CERT.RSA", "META-INF/CERT.SF"]