Any reason not to give away the apk file for an app?
August 26, 2015 4:02 AM Subscribe
I have an app on Google Play. It's sort of a niche app. Someone has contacted me and asked if I could send them the apk file because they plan to use the app on an emulator and thus cannot download it from Google Play. Is there any risk in doing this?I'
I'm not a programmer, so I don't know exactly what risks I'm imagining. Could they modify the program and somehow make it their own? Or somehow get access to my google play account or the service I used to create the app? Something else?
I'm not a programmer, so I don't know exactly what risks I'm imagining. Could they modify the program and somehow make it their own? Or somehow get access to my google play account or the service I used to create the app? Something else?
No risk really, if you send them the signed APK.
But if you are worried, direct them to a site such as APK downloader instead which can download APKs from the play store directly (I only tried it with one APK, and it was identical to the one on my phone from the play store. It is possible for such a service to embed malware into downloaded APKs, but signature wouldn't match though.)
APKs (at least for free apps) can easily be extracted from a phone or from different web services or chrome plugins such as the site I linked to above, so if they wanted to make a copy under their own name the could have easily done it already. It is also possible to get the Play app to work in emulators, but it's a bit trickier.
posted by rpn at 5:31 AM on August 26, 2015 [1 favorite]
But if you are worried, direct them to a site such as APK downloader instead which can download APKs from the play store directly (I only tried it with one APK, and it was identical to the one on my phone from the play store. It is possible for such a service to embed malware into downloaded APKs, but signature wouldn't match though.)
APKs (at least for free apps) can easily be extracted from a phone or from different web services or chrome plugins such as the site I linked to above, so if they wanted to make a copy under their own name the could have easily done it already. It is also possible to get the Play app to work in emulators, but it's a bit trickier.
posted by rpn at 5:31 AM on August 26, 2015 [1 favorite]
No risk really, but it's a bit odd. One would think that if they're a developer, they'd know how to get the APK off of the phone. It's not hard to do. Perhaps they live in a location where they can't use Google Play for some reason? (Although there are almost always workarounds...)
Anyway, no real risk to you that I can think of. Lost sale, I suppose, if it's a paid app.
posted by Kadin2048 at 7:03 AM on August 26, 2015
Anyway, no real risk to you that I can think of. Lost sale, I suppose, if it's a paid app.
posted by Kadin2048 at 7:03 AM on August 26, 2015
They aren't a developer, they just asked for the apk to use the app. I have an android tablet that will not work with the Google Play store. I can use whatever came before the Play store and I can use the Amazon store without problems.
posted by soelo at 7:20 AM on August 26, 2015
posted by soelo at 7:20 AM on August 26, 2015
I use an Android phone but I don't want to have a Google account. To do this I go out of my way to get APKs from sources other than the play store. It requires me to be more vigilant about security, and I really REALLY appreciate when devs host their own APKs for download.
posted by werkzeuger at 7:49 AM on August 26, 2015 [1 favorite]
posted by werkzeuger at 7:49 AM on August 26, 2015 [1 favorite]
A bit of an aside, but I just tried APKs for FireFox and VLC from the "APK download" site linked by rpn above, and both refused to run. Versions downloaded directly from Mozilla and Videolan.org respectively worked fine.
posted by werkzeuger at 9:45 AM on August 26, 2015
posted by werkzeuger at 9:45 AM on August 26, 2015
Could they modify the program and somehow make it their own?
Yes. With the APK, they could easily rebrand the app, repackage it, and publish it as their own. Or even, with varying degrees of success, decompile the source code, insert malware, repackage it, and publish it as their own. They would not be able to replace yours on the Play Store, however, and assuming that your developer hasn't done something unbelievably stupid like store account credentials in the APK, they wouldn't be able to gain access to any of your accounts.
But as others have said, it's trivial to get an APK, either off the device directly, or by using sites that automatically mirror them from Google Play. If this person had any bad intentions, you refusing to send them the file wouldn't put any barriers in their way.
posted by cmonkey at 9:51 PM on August 27, 2015
Yes. With the APK, they could easily rebrand the app, repackage it, and publish it as their own. Or even, with varying degrees of success, decompile the source code, insert malware, repackage it, and publish it as their own. They would not be able to replace yours on the Play Store, however, and assuming that your developer hasn't done something unbelievably stupid like store account credentials in the APK, they wouldn't be able to gain access to any of your accounts.
But as others have said, it's trivial to get an APK, either off the device directly, or by using sites that automatically mirror them from Google Play. If this person had any bad intentions, you refusing to send them the file wouldn't put any barriers in their way.
posted by cmonkey at 9:51 PM on August 27, 2015
This thread is closed to new comments.
also, many (non-paid) apps do provide old appk files for download - it can be useful if a particular version works when the latest doesn't.
so i wouldn't worry.
posted by andrewcooke at 5:10 AM on August 26, 2015 [1 favorite]