How secure is apkpure.com?

There is an easy way to check this: compare APKs from apkpure with APKs from Google Play Store.

Method:
1- download the package from Apkpure
2- download exact same version package from Google Play (there are tools for this), and same architecture
3- unzip the packages in two directories (normal APK are ZIP files actually), like in dir1/ and dir2/
4- diff -r dir1 diff2

If you see no difference, the packages are the same.

I did the test with magic-earth-navigation-maps_7.1.20.16.1A44191D.892EDFD5 armeabi_v7a and the diff shows no difference.

Apkpure is generally considered safe, as they don’t modify packages like some other APK repositories sometimes do.

So, the Magic Earth APK that we have in our prebuilt apk repository comres form apkpure.

However, I see that:
1- the package has not been updated recently, so we have to check this issue
2- I agree it would be safer to use the package directly from the initial source, so we are going to change this in next builds.

We will discuss this with the team on Monday.

Also, I’ll see with General Magic if they can provide latest builds directly to us.

And regarding Magic Earth in particular, expect some good news in the coming months.

Thanks for having raised this concern and stay tuned.

11 Likes

Thx for clarification. I would try to compare, but the version you are using in your sources
Magic_Earth_Navigation_Maps_v7.1.20.2.9A95B974.C17C098B_apkpure.com.apk
is not available in playstore

Because:

Th/e/y know they violate TOS and laws, but they do it anyway. Only people who want to be part of a criminal conspiracy to defraud and steal from Google will stay involved if they are clear about this.

Hi @pandemonium,
Welcome to /e/land !

Th/e/y know they violate TOS and laws, but they do it anyway.

NO,
The /e/OS development team has to respect the rules dicted by the others software editors.
in this way they have managed the apps-installer.

Aurora seems to be a neutral Russian-Hackers service to connect the Goolag-Store. (NO MODIFICATIONS ON THE APPS ARE POSSIBLE)
Apkpure seems to be a store that redistribute the apps (MODIFICATIONS ON THE APPS ARE POSSIBLE)

Only people who want to be part of a criminal conspiracy to defraud and steal from Google will stay involved if they are clear about this.

NO, the European Parliament is not a criminal association, and they refuse the anglosaxon notion of the software propriety.

Users make their choices
BUT
Don’t Forget that Gogol is a defrauder and stealer company.
Don’t Forget that many laws are illegitimate

3 Likes

haha what is it with these people who try to discredit /e/ …?

1 Like

The question is, can you steel something that’s free? How can websites such as apkpure exist? They would have been sued by Google, I’m sure. So probably they can’t. That would make it legal.

2 Likes

Ok, so the other side is trolling … and this here is then somehow different, substance-wise?
Apart from this “Tee-hee, in Kindergarten we spell evil companies wrong deliberately because they’re so evil, that will show them, tee-hee!” somehow never ever having a positive effect on the sincerity of an argument, but that’s just me :wink: .

That’s a stretch.
Not sueing doesn’t make stuff legal by default.

Perhaps when they felt bored and wanted to annoy /e/ at some point, Google’s legal department would start with looking at the /e/ logo, which screams at you “Hey, we took the Google ‘G’, mirrored it vertically, shortened the arc a little and slightly rearranged the colours, might that be just enough design change to prevent you from sueing us, Google :wink: ?”


Anyway, if the Google Play Store ToS are in play … which ones are they now?
There are https://play.google.com/about/play-terms/index.html and https://www.google.com/mobile/android/market-tos.html … both are “Google Play Terms of Service”, and they are different.

The first ones can be currently reached via e.g. the Play Store website and seem more lenient to me, while the second ones include section 3.3, which was brought up in Play Store access arguments in the past, it seems.

Edit: Ah, there’s a hint in the company name … they are currently “Google LLC”, while they were “Google Inc.” in the past, so it would seem the second ToS are obsolete.

So, how are /e/ violating the Google Play Store ToS then?
(I almost forgot my question, and I baselessly blame you all :slight_smile: .)

1 Like

I think you missed this: “So probably they can’t.” It was about apkpure, existing since 2014, still does. I think you cant forbid spreading free apps. You can’t steel free stuff.

Stealing has something to do with property, and nothing with whether there’s a price tag.
But that’s not the point anyway.

You can violate terms without stealing, question is: does anybody violate terms here?

Just want to come back to the initial question.

I personally do not mind that apps come from. But as Magic Earth is a system app and e.foundation as some kind of agreement with them, wouldn’t it be possible to get it directly from MagicEarth - as Google, Amazon and Apple are doing? That could even allow /e/ to appear on their website as source for their app (see attached mockup).
I am not a tech person but if this would be possible other app developers could deliver their apps as well directly.
So my question would be: Would that be feasible without too much technical effort?

6 Likes

I trust more ApkPure than Google’s Play Store, hahaha. :rofl:

Sorry couldn’t resist.

4 Likes

Read here:  

3 Likes

People can upload altered apps to Apkpure which means they could be infected with a nefarious payload or backdoor. APK Pure might tell you if the signature is different from the actual app but it will still let you download an altered app. I do get the need to use third party app stores at times but I try to at least limit my use to only when needed.

If you want trusted apps use:
F-Droid
Aurora - From F-droid. It downloads directly from the PlayStore.

Do you know Exodus Privacy? It shows a list of trackers and permissions of many Android apps. Wonderful organisation.
MagicEarth has zero trackers. Not bad!

Mega has one tracker: Google Firebase Analytics.

1 Like

Pls have a look here

And for tracker checking ClassyShark from f-droid is much better

MagicEarth received good data protection analysis results on a site called mobilsicher too. Otherwise it’s good to check apps from time to time - not only MagicEarth - with Checkey. Open Checkey, tap on the App and submit it to VirusTotal (with the symbol similar to SUM, three dots, open in browser) and check the details there. It works fine here with MagicEarth. Only sometimes e.g. with Delta.Chat it shows “Item not found”. Those hashes help to assure that it’s a known apk and nobody tampered with that “in between”.

1 Like

I managed to get the trackers in an app in iOS changed by searching on ExodusPrivacy and mentioning their Google trackers in a review of this iOS app. And pleading for open source. Many iOS apps have Google trackers too. They changed their trackers into two MS trackers.
Not ideal either, but no Google.

If you’re going to accuse people of criminal conspiracy you’d better (a) state what criminal laws they’ve conspired to break, and how – say UK laws (and bearing in mind UK libel law) – and (b) report the conspiracy so as not to be complicit.

So, what does the signature on the app say, since you’re getting worked up?

1 Like

This topic was automatically closed after 30 days. New replies are no longer allowed.