I received an email from the CERT Coordination Center stating "The CERT Coordination Center <
https://www.cert.org> is investigating Android applications that include private keys in them, yet are available publicly in the Google Play store. You may have already received a notification that your application b4a.yourapp distributes one or more private keys..."
The email goes into great length about Private Sign Keys. What is the course of action for what they require us to do with our private sign keys?