How to identify safe APK files?

[Kurt Pattinson]

Give me some precious advices dear all the pros :>

 

[ocnbrze]

you can't....that is the thing. you can sort of trust where you download them from though.

 

[Kurt Pattinson]

you can't....that is the thing. you can sort of trust where you download them from thoug
as far as i knew, when the developer decides to put an

you can't....that is the thing. you can sort of trust where you download them from though.

that was pretty vague, wasn't it? origin APK files from Google Play Store will be more trustworthy, but too bad there is no way to tell it, isn't it??

 

[Hadron]

Well let's rephrase the question: "how can you tell that any software is safe?". There's nothing special about apk files in this respect.
I can think of a few ways:

• If you have the source code you can analyse it yourself (if you have the knowledge, which your average user does not). But most apps are closed source.
• If you have the md5 checksum for a known safe copy of that apk you can check whether the copy you have matches. But that will rarely be the case.
• You can use security software that will scan the app before install for known malware signatures (many security apps can do this). But it will only pick up known malware, and all of these things produce false positives at times.
• Or if you have the time you can install an app on a test device and check, over a period of time, whether any bad behaviour results. Obviously you should only test one app at a time on a particular test device. Not really practical.

This is why for most people the most practical solution is to only download from a trusted source. You can use an anti-malware app to scan first if you want a second reassurance, but as noted these things can never be perfect.

(I won't call them "anti-virus" because android malware isn't of the virus type, and I prefer to use technical terms accurately).