Any reason not to give away the apk file for an app?
August 26, 2015 4:02 AM   Subscribe

I have an app on Google Play. It's sort of a niche app. Someone has contacted me and asked if I could send them the apk file because they plan to use the app on an emulator and thus cannot download it from Google Play. Is there any risk in doing this?I'

I'm not a programmer, so I don't know exactly what risks I'm imagining. Could they modify the program and somehow make it their own? Or somehow get access to my google play account or the service I used to create the app? Something else?
posted by anonymous to Computers & Internet (7 answers total) 1 user marked this as a favorite
 
i don't do android development, but as far as i know it's fairly easy to get the apk file anyway. so if there was anything malicious it could already happen.

also, many (non-paid) apps do provide old appk files for download - it can be useful if a particular version works when the latest doesn't.

so i wouldn't worry.
posted by andrewcooke at 5:10 AM on August 26, 2015 [1 favorite]


No risk really, if you send them the signed APK.

But if you are worried, direct them to a site such as APK downloader instead which can download APKs from the play store directly (I only tried it with one APK, and it was identical to the one on my phone from the play store. It is possible for such a service to embed malware into downloaded APKs, but signature wouldn't match though.)

APKs (at least for free apps) can easily be extracted from a phone or from different web services or chrome plugins such as the site I linked to above, so if they wanted to make a copy under their own name the could have easily done it already. It is also possible to get the Play app to work in emulators, but it's a bit trickier.
posted by rpn at 5:31 AM on August 26, 2015 [1 favorite]


No risk really, but it's a bit odd. One would think that if they're a developer, they'd know how to get the APK off of the phone. It's not hard to do. Perhaps they live in a location where they can't use Google Play for some reason? (Although there are almost always workarounds...)

Anyway, no real risk to you that I can think of. Lost sale, I suppose, if it's a paid app.
posted by Kadin2048 at 7:03 AM on August 26, 2015


They aren't a developer, they just asked for the apk to use the app. I have an android tablet that will not work with the Google Play store. I can use whatever came before the Play store and I can use the Amazon store without problems.
posted by soelo at 7:20 AM on August 26, 2015


I use an Android phone but I don't want to have a Google account. To do this I go out of my way to get APKs from sources other than the play store. It requires me to be more vigilant about security, and I really REALLY appreciate when devs host their own APKs for download.
posted by werkzeuger at 7:49 AM on August 26, 2015 [1 favorite]


A bit of an aside, but I just tried APKs for FireFox and VLC from the "APK download" site linked by rpn above, and both refused to run. Versions downloaded directly from Mozilla and Videolan.org respectively worked fine.
posted by werkzeuger at 9:45 AM on August 26, 2015


Could they modify the program and somehow make it their own?

Yes. With the APK, they could easily rebrand the app, repackage it, and publish it as their own. Or even, with varying degrees of success, decompile the source code, insert malware, repackage it, and publish it as their own. They would not be able to replace yours on the Play Store, however, and assuming that your developer hasn't done something unbelievably stupid like store account credentials in the APK, they wouldn't be able to gain access to any of your accounts.

But as others have said, it's trivial to get an APK, either off the device directly, or by using sites that automatically mirror them from Google Play. If this person had any bad intentions, you refusing to send them the file wouldn't put any barriers in their way.
posted by cmonkey at 9:51 PM on August 27, 2015


« Older Help with marriage counseling?   |   Can we keep our relationship intact? Newer »
This thread is closed to new comments.