Certificates in general
Certificates are complicated, I don't blame you. By far, the most common use-case for certificates is for TLS websites where you need to submit a Certificate Signing Request (CSR) to a publicly-trusted CA in order to obtain a certificate that browsers will accept. In that case you revoke your certificate by contacting the CA who originally issued it. This does not apply to you.
Certificates in Android / Google Play
My understanding of the Android / Play Store code signing model is that you generate a private "app signing" key using the wizard in Android Studio. This key is then used by Android Studio to sign your APK files, and in order to upload your app to the Play Store, you need to also upload your public key and associate it with your Play Developer Account. From here there are two models: A) that key is publicly-visible an your Play Developer account and end-users's devices verify that the app has been signed by that key, or B) the key generated by Android Studio is used as the "upload key", and Google generates a second "signing key" in your cloud account to re-sign your APK with. Option B is probably more secure since compromise of your laptop does not mean compromise of the signing key (assuming malicious uploads to the Play Store can be rolled back).
In your case someone else has access to your private key, so they can write any software they want and publish it with a cryptographic signature linked to your Play Developer Account (bad news for you).
What to do?
It doesn't seem like Google has a model for "revoking" app signing keys, but you can remove a key from your Play Developer account if you contact support. Google has a help article Manage your app signing keys, and at the bottom is:
Lost or compromised private keys
If you're enrolled in Google Play App Signing, you can reset your upload key if:
- You lost your private key, or
- Your private key has been compromised
Note: Resetting your upload key will not affect the app signing key that Google Play uses to re-sign APKs before delivering to users.
Reset your upload key
Since you need to contact the Google Support team anyway as part of this process, I would just contact them right away for advice.