this post was submitted on 12 Oct 2023
44 points (95.8% liked)

Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ

54698 readers
401 users here now

⚓ Dedicated to the discussion of digital piracy, including ethical problems and legal advancements.

Rules • Full Version

1. Posts must be related to the discussion of digital piracy

2. Don't request invites, trade, sell, or self-promote

3. Don't request or link to specific pirated titles, including DMs

4. Don't submit low-quality posts, be entitled, or harass others



Loot, Pillage, & Plunder

📜 c/Piracy Wiki (Community Edition):


💰 Please help cover server costs.

Ko-Fi Liberapay
Ko-fi Liberapay

founded 1 year ago
MODERATORS
 

I downloaded an apk from mobilism and before I install it, how do I go about ensuring it's not malware or an unsafe app? I'm all for buying apps but I hate all these subscriptions...

top 13 comments
sorted by: hot top controversial new old
[–] Justly0250@lemdro.id 23 points 1 year ago* (last edited 1 year ago) (1 children)

Virustotal.com

I have a PWA (Web App) created for this website on my home screen. I always check downloaded APKs by uploading them here.

It's smart. It does not always require you to upload the apk. 99% of the time, the APKs from Mobilism are already uploaded and scanned there by other users. In that case, the website simply checked the file hash, skips the upload and shows the scan results.

As for the scan results themselves, I'm not an expert. Maybe others on this thread can help you there.

[–] Sterben@lemmy.ml 2 points 1 year ago

Interesting, thank you for the info :)

[–] 7h0m4s@aussie.zone 7 points 1 year ago (2 children)

There are plenty of things that scans will not pick up that you still likely don't want your apps doing.

However an alternative app store I use is F-Droid. Which only hosts apps that are open source. This means that it is significantly less likely that anything bad will be on the apps. Since the source code is available for anyone to review. It also means that everything on there is legally free anyway. 😀

[–] rufus@discuss.tchncs.de 15 points 1 year ago* (last edited 1 year ago)

Doesn't answer the question.... But i can recommend F-Droid too. It's really good. I get 80% of my Apps there. But it's for people who like and want free software. Maybe not for everyone.

[–] can@sh.itjust.works 4 points 1 year ago (1 children)

They're looking for pirated software.

[–] 7h0m4s@aussie.zone 1 points 1 year ago

That's fair. Just providing the best still-free option I knew about.

I don't know of any scanners or reliable pirated APK sites personally.

Android is not really at risk when using an up to date os and not giving the app sensitive permissions. Android apps are sandboxed and canot do much without permissions. If you want to be sure, use virustotal as other recommended in the thread. Also maybe avoid sketchy sources

[–] hexagonwin@lemmy.sdf.org 3 points 1 year ago

I usually analyze apps using apktool (some are obvious), and install on the phone and block the app's internet connection. Not sure how it works for your device but I'm able to block it in Settings on LineageOS 18.1.

[–] mvirts@lemmy.world 2 points 1 year ago

Unzip the apk and look through the filesystem. Some malware will be obvious.

Install the APK on an android development vm and use it for a bit. Maybe give it a week to start showing ads and stuff. Maybe try capturing network traffic and try to determine if it's legit.

If you don't need network access use netguard or some other local firewall to disable network traffic for the app and just use it normally

Back up your important stuff and be ready to wipe your device if you notice any bad behavior. Of course some malware doesn't show itself at all, so you may never know.

[–] boblaw0@lemmy.world 1 points 1 year ago

I use App Manager (f-droid) to look at the app for permissions, trackers, and activites that look sketchy for the app to be using.