I downloaded an apk from mobilism and before I install it, how do I go about ensuring it’s not malware or an unsafe app? I’m all for buying apps but I hate all these subscriptions…
I have a PWA (Web App) created for this website on my home screen. I always check downloaded APKs by uploading them here.
It’s smart. It does not always require you to upload the apk. 99% of the time, the APKs from Mobilism are already uploaded and scanned there by other users. In that case, the website simply checked the file hash, skips the upload and shows the scan results.
As for the scan results themselves, I’m not an expert. Maybe others on this thread can help you there.
Interesting, thank you for the info :)
There are plenty of things that scans will not pick up that you still likely don’t want your apps doing.
However an alternative app store I use is F-Droid. Which only hosts apps that are open source. This means that it is significantly less likely that anything bad will be on the apps. Since the source code is available for anyone to review. It also means that everything on there is legally free anyway. 😀
Doesn’t answer the question… But i can recommend F-Droid too. It’s really good. I get 80% of my Apps there. But it’s for people who like and want free software. Maybe not for everyone.
They’re looking for pirated software.
That’s fair. Just providing the best still-free option I knew about.
I don’t know of any scanners or reliable pirated APK sites personally.
Android is not really at risk when using an up to date os and not giving the app sensitive permissions. Android apps are sandboxed and canot do much without permissions. If you want to be sure, use virustotal as other recommended in the thread. Also maybe avoid sketchy sources
I usually analyze apps using apktool (some are obvious), and install on the phone and block the app’s internet connection. Not sure how it works for your device but I’m able to block it in Settings on LineageOS 18.1.
Unzip the apk and look through the filesystem. Some malware will be obvious.
Install the APK on an android development vm and use it for a bit. Maybe give it a week to start showing ads and stuff. Maybe try capturing network traffic and try to determine if it’s legit.
If you don’t need network access use netguard or some other local firewall to disable network traffic for the app and just use it normally
Back up your important stuff and be ready to wipe your device if you notice any bad behavior. Of course some malware doesn’t show itself at all, so you may never know.
I use App Manager (f-droid) to look at the app for permissions, trackers, and activites that look sketchy for the app to be using.
I downloaded an apk from [random sketchy site]
🙄
Mobilism is not some random sketchy site. It’s been a very popular forum for many years now. It has strict moderation and reputation-based profiles.
And it’s on the wiki for this instance haha