APK files Archives

AppWizard

June 21, 2026

Sideloading Android apps is great — until you have to update them. Here’s my fix

Obtainium is a free and open-source sideload manager designed to simplify the updating process for sideloaded Android applications. Users can add their sideloaded apps to Obtainium’s tracking list after a one-time setup, allowing the app to monitor these sources for updates in the background. Obtainium supports various sources, including GitHub, GitLab, F-Droid, APKMirror, and Uptodown. The app checks for updates every six hours and can either download and install updates automatically or notify the user. Setting up Obtainium involves downloading the APK, adding app source URLs, and ensuring the correct source is used for each app. However, it has limitations, such as relying on HTML scraping for websites without an API and potential API rate limits for GitHub apps. Additionally, Obtainium may have read-only access to certain sites, requiring users to manually update apps in some cases.

AppWizard

June 16, 2026

New Rokarolla Android malware targets 217 banking, crypto apps

A new Android banking trojan named Rokarolla targets 217 banking and cryptocurrency applications and features 137 commands for malicious activities. It is distributed via deceptive websites posing as legitimate application sources and impersonates Google Play Protect to lure users into installing infected apps. Once installed, it seeks Accessibility service permissions and access to notifications, SMS, and calls. Rokarolla communicates with a command-and-control server, sending device profiles to generate unique identifiers for victims. Its primary goal is to steal financial information by using deceptive login overlays to capture sensitive data and maintain control over the device. The malware employs evasion tactics such as disabling Google Play Protect, hiding its icon, silencing notifications, and keeping the screen awake. It can steal SMS messages, extract contacts, capture keystrokes, record screen content, manipulate clipboard contents, block calls, and take screenshots. Zimperium confirms that Rokarolla is not found on Google Play, and users are advised to avoid downloading APK files from untrusted sources and to be cautious with Accessibility permissions.

AppWizard

June 5, 2026

NewPipe, other open-source apps are preparing users for Google’s sideloading crackdown on Android

Developers of open-source Android applications, including NewPipe, are concerned about Google's upcoming restrictions on sideloading, which allows users to install apps from outside the Google Play Store. Starting in September, Google will require developers to register for a developer account, verify their identity, and pay a fee. Users will still be able to sideload apps from those who opt out, but the process will become more complicated, including a 24-hour lockout period for installing "unverified" apps. Other open-source applications, like whoBIRD, are also warning users about these changes and sharing methods to bypass the new requirements. Users can still enable sideloading for all apps after the initial waiting period.

AppWizard

May 13, 2026

Android Adds Intrusion Logging for Sophisticated Spyware Forensics

Google introduced a new opt-in feature for Android users called Intrusion Logging, which enhances the analysis of spyware attacks as part of the Advanced Protection Mode. Developed with Amnesty International and Reporters Without Borders, it logs daily device and network activities, including app activity, installations, network connections, file transfers, system certificate modifications, and device lock events. The log data is encrypted and stored securely, accessible only to the device owner. Logs are retained for 12 months and cannot be deleted by users before expiration, though they can be downloaded for offline storage. Intrusion Logging also records network events during Chrome's Incognito mode. This feature is beneficial for high-risk individuals who may be targets of surveillance. Users can access the logs through the Settings app, and the rollout is underway for devices with the Android 16 December update and newer. Additionally, Google announced other privacy and security features, including a verified financial call feature to combat scams, expansion of Live Threat Detection, evaluation of APK files for malware, revocation of accessibility services API access from non-designated apps, and enhancements to Find Hub's Mark as Lost feature. Other updates include improved device recovery options, enhanced privacy controls, introduction of AISeal with pKVM, expansion of Binary Transparency, protection against OTP theft, and strengthening data protection with post-quantum cryptography.

AppWizard

May 9, 2026

A review of ‘Obtainium,’ an Android app distributed solely on GitHub that allows you to install, manage, and automatically update apps similar to F-Droid.

Obtainium is a tool designed to streamline the update process for Android applications distributed through platforms like GitHub. It supports over 10 app distribution sites, offers compatibility with various release methods, and allows customizable filtering and settings. Users can extract APK files from HTML and share app settings through data import and export functionalities. To install Obtainium, users can download it from GitHub, IzzyOnDroid, or F-Droid, with a focus on installing via F-Droid. The installation process involves opening the official GitHub repository, tapping the F-Droid banner, and following prompts to install and launch the app. Upon first launch, users must allow notification permissions and adjust battery settings. To add apps, users enter the app source URL and select the appropriate source. Obtainium may request permissions to install unknown apps during installation. The app includes an Import/Export tab for managing app settings and a Settings tab for customizing update intervals, source-specific settings, themes, and app sorting preferences.

AppWizard

May 5, 2026

FEMITBOT Network Abuses Telegram Mini Apps for Crypto Scams and Android Malware

A fraud network called FEMITBOT has emerged, using Telegram's Mini App feature to conduct investment scams and distribute malware. Identified by the research firm CTM360, the network operates through API responses and presents itself as organized. The scams involve Telegram Mini Apps that display phishing pages, fake dashboards showing fictitious earnings, and urgency tactics to pressure users into making quick decisions. FEMITBOT mimics well-known brands like Apple and Coca-Cola to enhance credibility and disseminates Android malware disguised as legitimate applications. The operation is highly organized, utilizing marketing tools to optimize their scams. Users are warned to be cautious of bots requesting deposits before granting access to funds.

AppWizard

May 4, 2026

‘F-Droid’ allows you to easily install and automatically update free, open-source Android apps other than those on Google Play.

Google Play is a primary platform for Android app distribution but poses challenges for developers of free and open-source software due to registration fees and a strict review process. As an alternative, users can install apps via APK files, which allow direct installation but come with security risks. F-Droid is a dedicated repository for free and open-source Android applications, offering built-in update notifications and support. To use F-Droid, users must manually install the app from its official website. After installation, users can navigate the interface to find and install apps, grant permissions for updates, and manage app installations, including enabling settings for unknown sources. F-Droid provides a user-friendly experience for locating and updating apps, ensuring that users have access to secure and regularly updated software.

AppWizard

May 3, 2026

Telegram Mini Apps abused for crypto scams, Android malware delivery

Cybersecurity researchers have identified a fraud operation named FEMITBOT that exploits Telegram’s Mini App feature to conduct various crypto scams, impersonate reputable brands, and distribute Android malware. This operation uses a unique string in API responses and employs Telegram bots with embedded Mini Apps to create convincing app-like experiences. The scams include fraudulent cryptocurrency platforms and financial services, with impersonation of brands like Apple, Coca-Cola, Disney, eBay, IBM, Moon Pay, NVIDIA, and YouKu. The operation utilizes a shared backend infrastructure, allowing multiple phishing domains to use the same API response. Users interacting with the bots are shown phishing pages within Telegram’s WebView, often featuring fake balances and urgency tactics to prompt deposits or referrals. Additionally, some Mini Apps attempt to distribute malware disguised as legitimate Android APKs. Users are advised to be cautious when engaging with Telegram bots related to cryptocurrency investments and to avoid sideloading APK files.

AppWizard

April 27, 2026

LivU Chat App Download Guide: How To Install The APK On Android

Android users often seek APK files for app installations to ensure compatibility and a reliable download path. For the LivU chat app, it is recommended to start from the official website to avoid outdated versions. Users should check their device for sufficient storage, an up-to-date operating system, and a stable internet connection before installation. The installation process involves downloading the app, reviewing permissions, and completing the setup by creating or signing into an account. Common installation issues include low storage, interrupted connections, and unsupported Android versions, which can often be resolved by restarting the device or ensuring a stable network.

AppWizard

April 21, 2026

NGate NFC malware targets Android users through trojanized payment app

NFC-based payment fraud targeting Android users in Brazil has been linked to a campaign using a trojanized version of the HandyPay app, part of the NGate malware family, since November 2025. The malware is distributed through a counterfeit website mimicking a lottery and a fraudulent Google Play page. The operators chose HandyPay for its low cost and minimal permissions required. The malware requests users to set it as the default NFC payment app, allowing it to capture payment card PINs and relay NFC card data to attackers. ESET Research identified this campaign and discovered logs from compromised devices containing sensitive information. The trojanized app has never been on the official Google Play store, and ESET has notified Google and the HandyPay developer about the issue.