diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 74b6e8b5..9659dcdf 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -30,7 +30,7 @@ web:
         # THUS $STAGING_TARGET_SSH_PRIVATE_KEY HAS TO BE BASE64 ENCODED
         # USE AN UNPRIVILIGED USER WITH ACCESS ONLY TO THIS DIRECTORY
         # example: $STAGING_SCP_TARGET = deployuser@staging.environment.com:/path/for/web/data
-        sh static/scripts/ssh_deploy.sh $STAGING_SCP_TARGET $STAGING_TARGET_SSH_PRIVATE_KEY
+        sh static/scripts/ssh_deploy.sh web $STAGING_SCP_TARGET $STAGING_TARGET_SSH_PRIVATE_KEY
       fi
 
       if [ "$RELEASE_TYPE" == "production" ]; then
@@ -38,7 +38,7 @@ web:
         # THUS $PRODUCTION_TARGET_SSH_PRIVATE_KEY HAS TO BE BASE64 ENCODED
         # USE AN UNPRIVILIGED USER WITH ACCESS ONLY TO THIS DIRECTORY
         # example: $PRODUCTION_SCP_TARGET = deployuser@production.environment.com:/path/for/web/data
-        sh static/scripts/ssh_deploy.sh $PRODUCTION_SCP_TARGET $PRODUCTION_TARGET_SSH_PRIVATE_KEY
+        sh static/scripts/ssh_deploy.sh web $PRODUCTION_SCP_TARGET $PRODUCTION_TARGET_SSH_PRIVATE_KEY
       fi
   artifacts:
     untracked: false
@@ -82,6 +82,14 @@ android:
 
       if [ "$RELEASE_TYPE" == "production" ]; then
         make android;
+
+        # USE GITLAB PROTECTED & MASKED CI VARIABLES TO PROVIDE THE FOLLOWING DATA!
+        # THUS $APK_TARGET_SSH_PRIVATE_KEY HAS TO BE BASE64 ENCODED
+        # USE AN UNPRIVILIGED USER WITH ACCESS ONLY TO THIS DIRECTORY
+        # example: $APK_SCP_TARGET = deployuser@your.apk.storage.com:/path/to/app.apk
+        if [ -n "$APK_SCP_TARGET" ]; then
+          sh static/scripts/ssh_deploy.sh apk $APK_SCP_TARGET $APK_TARGET_SSH_PRIVATE_KEY
+        fi
       fi
   artifacts:
     untracked: false
diff --git a/README.md b/README.md
index 006b448c..573d43e6 100644
--- a/README.md
+++ b/README.md
@@ -30,3 +30,4 @@ docker build -t openstapps-art .
 2. Edit app.conf.sample to your liking and rename it to app.conf (needs info you can find in your corresponding developer/store portal)
 3. Use docker to run `make web` and `make android` (i.e. `docker run -it -v $(pwd):/build --rm openstapps-art:latest make web`)
 4. On a macOS device run `make ios` (make sure you have all required certificates / profiles set up in Xcode)
+5. Gitlab CI runs need to be provided with SCP targets and Base64 encoded SSH private keys via env variables for web and (optionally) apk deployments
diff --git a/static/scripts/ssh_deploy.sh b/static/scripts/ssh_deploy.sh
index f3d735e7..90a3b019 100755
--- a/static/scripts/ssh_deploy.sh
+++ b/static/scripts/ssh_deploy.sh
@@ -2,10 +2,10 @@
 
 set -e
 
-SSH_DEPLOY_TARGET=$1
+SSH_DEPLOY_TARGET=$2
 SSH_DEPLOY_TARGET="${SSH_DEPLOY_TARGET:-"missingtarget"}"
 
-SSH_PRIVATE_KEY=$2
+SSH_PRIVATE_KEY=$3
 SSH_PRIVATE_KEY="${SSH_PRIVATE_KEY:-"missingkey"}"
 
 GOTO_FAIL=false
@@ -45,13 +45,26 @@ mkdir -p ~/.ssh
 chmod 700 ~/.ssh
 eval `ssh-agent -s`
 echo "$SSH_PRIVATE_KEY" | base64 -d | tr -d '\r' | ssh-add -
-##
-## Use ssh-keyscan to scan the keys of your private server. Replace gitlab.com
-## with your own domain name. You can copy and repeat that command if you have
-## more than one server to connect to.
 
+## Use ssh-keyscan to scan the keys of your private server. 
+## You can copy and repeat that command if you have more than 
+## one server to connect to.
 ssh-keyscan $SSH_DEPLOY_TARGET_HOST >> ~/.ssh/known_hosts
 chmod 644 ~/.ssh/known_hosts
 
-scp www.zip "$SSH_DEPLOY_TARGET"
-ssh "$SSH_DEPLOY_TARGET_USER@$SSH_DEPLOY_TARGET_HOST" "cd $SSH_DEPLOY_TARGET_PATH && unzip -o www.zip && rm -f www.zip"
+web() {
+  scp www.zip "$SSH_DEPLOY_TARGET"
+  ssh "$SSH_DEPLOY_TARGET_USER@$SSH_DEPLOY_TARGET_HOST" "cd $SSH_DEPLOY_TARGET_PATH && unzip -o www.zip && rm -f www.zip"
+}
+
+apk() {
+  scp app/android/app/build/outputs/apk/release/app-release.apk "$SSH_DEPLOY_TARGET"
+}
+
+if declare -f "$1" > /dev/null
+then
+  "$@"
+else
+  echo "'$1' is not a known function name"
+  exit 1
+fi