I downloaded an apk from mobilism and before I install it, how do I go about ensuring it’s not malware or an unsafe app? I’m all for buying apps but I hate all these subscriptions…

  • Ⓑⓡⓞⓚⓔⓝ@lemdro.id
    link
    fedilink
    English
    arrow-up
    21
    ·
    edit-2
    1 year ago

    Virustotal.com

    I have a PWA (Web App) created for this website on my home screen. I always check downloaded APKs by uploading them here.

    It’s smart. It does not always require you to upload the apk. 99% of the time, the APKs from Mobilism are already uploaded and scanned there by other users. In that case, the website simply checked the file hash, skips the upload and shows the scan results.

    As for the scan results themselves, I’m not an expert. Maybe others on this thread can help you there.

  • 7h0m4s@aussie.zone
    link
    fedilink
    English
    arrow-up
    11
    arrow-down
    4
    ·
    1 year ago

    There are plenty of things that scans will not pick up that you still likely don’t want your apps doing.

    However an alternative app store I use is F-Droid. Which only hosts apps that are open source. This means that it is significantly less likely that anything bad will be on the apps. Since the source code is available for anyone to review. It also means that everything on there is legally free anyway. 😀

    • rufus@discuss.tchncs.de
      link
      fedilink
      English
      arrow-up
      15
      ·
      edit-2
      1 year ago

      Doesn’t answer the question… But i can recommend F-Droid too. It’s really good. I get 80% of my Apps there. But it’s for people who like and want free software. Maybe not for everyone.

      • 7h0m4s@aussie.zone
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        That’s fair. Just providing the best still-free option I knew about.

        I don’t know of any scanners or reliable pirated APK sites personally.

  • redditReallySucks@lemmy.dbzer0.com
    link
    fedilink
    English
    arrow-up
    5
    ·
    1 year ago

    Android is not really at risk when using an up to date os and not giving the app sensitive permissions. Android apps are sandboxed and canot do much without permissions. If you want to be sure, use virustotal as other recommended in the thread. Also maybe avoid sketchy sources

  • hexagonwin@lemmy.sdf.org
    link
    fedilink
    English
    arrow-up
    3
    ·
    1 year ago

    I usually analyze apps using apktool (some are obvious), and install on the phone and block the app’s internet connection. Not sure how it works for your device but I’m able to block it in Settings on LineageOS 18.1.

  • mvirts@lemmy.world
    link
    fedilink
    English
    arrow-up
    3
    arrow-down
    1
    ·
    1 year ago

    Unzip the apk and look through the filesystem. Some malware will be obvious.

    Install the APK on an android development vm and use it for a bit. Maybe give it a week to start showing ads and stuff. Maybe try capturing network traffic and try to determine if it’s legit.

    If you don’t need network access use netguard or some other local firewall to disable network traffic for the app and just use it normally

    Back up your important stuff and be ready to wipe your device if you notice any bad behavior. Of course some malware doesn’t show itself at all, so you may never know.

  • db2@sopuli.xyz
    link
    fedilink
    English
    arrow-up
    3
    arrow-down
    22
    ·
    1 year ago

    I downloaded an apk from [random sketchy site]

    🙄

    • catsup@lemmy.one
      link
      fedilink
      English
      arrow-up
      15
      arrow-down
      2
      ·
      1 year ago

      Mobilism is not some random sketchy site. It’s been a very popular forum for many years now. It has strict moderation and reputation-based profiles.