diff --git a/.github/workflows/update.yml b/.github/workflows/update.yml
index 5d3f274ae9b..0d4a2a1e058 100644
--- a/.github/workflows/update.yml
+++ b/.github/workflows/update.yml
@@ -70,13 +70,15 @@ jobs:
 
       # Align and sign the APK
       - name: Sign APK
+        shell: bash
+        env:
+          KEY_ALIAS: ${{ secrets.TEST_KS_ALIAS }}
+          KEY_PASSWORD: ${{ secrets.TEST_KS_KEY }}
         run: |
           APK_INPUT="owncloud-${{ github.sha }}.apk"
           APK_ALIGNED="owncloud-${{ github.sha }}-aligned.apk"
           APK_SIGNED="owncloudSigned-${{ github.sha }}.apk"
           KEYSTORE="./test.keystore"
-          KEY_ALIAS="${{ secrets.TEST_KS_ALIAS }}"
-          KEY_PASSWORD="${{ secrets.TEST_KS_KEY }}"
 
           # Align APK for optimal performance
           echo "Aligning APK..."
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 32db84d4880..5b224bcb5aa 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -42,6 +42,7 @@ ownCloud admins and users.
 * Bugfix - Handling of HTTP code response 413: [#4094](https://github.com/owncloud/android/issues/4094)
 * Bugfix - Set authorization header for token request only when necessary: [#4575](https://github.com/owncloud/android/issues/4575)
 * Bugfix - Add explicit permission to Detekt workflow: [#4675](https://github.com/owncloud/android/pull/4675)
+* Bugfix - Add shell to execute apk signing step in GitHub Actions: [#4702](https://github.com/owncloud/android/pull/4702)
 * Change - SBOM workflow runs on dependabot PRs: [#4664](https://github.com/owncloud/android/pull/4664)
 * Change - Update test workflow uses "build-from-latest-apk" workflow: [#4681](https://github.com/owncloud/android/pull/4681)
 * Enhancement - New layout for spaces list: [#4604](https://github.com/owncloud/android/issues/4604)
@@ -80,6 +81,13 @@ ownCloud admins and users.
 
    https://github.com/owncloud/android/pull/4675
 
+* Bugfix - Add shell to execute apk signing step in GitHub Actions: [#4702](https://github.com/owncloud/android/pull/4702)
+
+   New value for shell to the signing step has been added to the action, to assure
+   a correct execution. Also, secrets as environment variables in the step.
+
+   https://github.com/owncloud/android/pull/4702
+
 * Change - SBOM workflow runs on dependabot PRs: [#4664](https://github.com/owncloud/android/pull/4664)
 
    Changes to dependency versions will be managed within Dependabot PRs, so they
diff --git a/changelog/unreleased/4702 b/changelog/unreleased/4702
new file mode 100644
index 00000000000..3ac0b89438a
--- /dev/null
+++ b/changelog/unreleased/4702
@@ -0,0 +1,5 @@
+Bugfix: Add shell to execute apk signing step in GitHub Actions
+
+New value for shell to the signing step has been added to the action, to assure a correct execution. Also, secrets as environment variables in the step.
+
+https://github.com/owncloud/android/pull/4702