diff --git a/tools/taskcluster/sign.sh b/tools/taskcluster/sign.sh
index 7a0621325..59bc9bc65 100644
--- a/tools/taskcluster/sign.sh
+++ b/tools/taskcluster/sign.sh
@@ -1,4 +1,4 @@
 #!/bin/sh
 python tools/taskcluster/fetch_secret.py -s project/firefoxreality/$1 -o token -n token
-python tools/taskcluster/sign_apk.py -t `cat token` $2
+python tools/taskcluster/sign_apk.py -t token $2
 python tools/taskcluster/archive_debug_apk.py
diff --git a/tools/taskcluster/sign_apk.py b/tools/taskcluster/sign_apk.py
index b0233b3fe..949bc8c6d 100644
--- a/tools/taskcluster/sign_apk.py
+++ b/tools/taskcluster/sign_apk.py
@@ -25,7 +25,8 @@ def main(name, argv):
          print name + '-t <token file name> -r'
          sys.exit()
       elif opt in ("-t"):
-         token = arg
+         with open(arg, 'r') as tokenfile:
+            token = tokenfile.read().rstrip()
       elif opt in ('-r'):
          sign_url = 'https://autograph-edge.prod.mozaws.net/sign'
          release = True
@@ -33,7 +34,7 @@ def main(name, argv):
    build_output_path = './app/build/outputs/apk'
 
    # Sign APKs
-   for apk in glob.glob(build_output_path + "/*/*/*-aligned.apk"):
+   for apk in glob.glob(build_output_path + "/*/*/*-unsigned.apk"):
       target = apk.replace('-unsigned', '-signed')
       if not release:
          target = target.replace('-release-', '-staging-')