APKs Archives

AppWizard

March 23, 2026

Google adds ‘Advanced Flow’ for safe APK sideloading on Android

Google has introduced a new mechanism called Advanced Flow within Android to facilitate the sideloading of APKs from unverified developers for power users while enhancing security. This system will launch in August and aims to balance user flexibility with protection against malware and scams, which caused losses of approximately billion last year. To install APKs from unverified developers, users must complete a one-time process that includes activating Developer Mode, confirming they are not influenced by threat actors, restarting the device, and verifying the legitimacy of modifications after a day. Once completed, users can install applications from unverified developers and choose to enable them for a week or indefinitely, with Android providing a warning about the unverified source. The Advanced Flow process is designed to prevent users from being coerced into installing malicious software during scam attempts. Google emphasizes that this system is a compromise between Android's openness and necessary user protections, leading to upcoming developer verification requirements. All Android app publishers will need to undergo identity verification by Google, with non-compliance resulting in blocked software installations on certified Android devices. This verification initiative is now set for rollout in August 2026.

AppWizard

March 20, 2026

Google Unveils New Process For Installing Unverified Android Apps

Google is implementing stricter measures for installing Android applications outside of its Play Store, requiring all apps to be signed by verified developers. Users will now access the Allow Unverified Packages setting through Developer Options, with a 24-hour security delay after device restarts. A limited free developer account option allows only 20 device installations, with a fee and government-issued ID required for more. These changes will affect third-party app stores, which must also comply with the new verification requirements. Scammers may still find ways to bypass these restrictions.

AppWizard

March 20, 2026

Android’s new sideloading rules are here, and they come with a 24-hour lock!

Google has introduced a new sideloading process for Android that includes a 24-hour waiting period and multiple steps for installing apps from unverified developers. The steps are as follows: 1. Enable Developer Mode. 2. Confirm you’re not being coerced into disabling device protections. 3. Restart your phone. 4. Wait 24 hours. 5. Re-authenticate using biometric authentication or a PIN. 6. Install the app, with a warning about its unverified status. This change aims to enhance user safety and protect less experienced users from scams. The new rules will take effect in August, primarily affecting users who sideload apps from third-party sources, while those using the Play Store will not see changes. Google is also requiring app developers to verify their identities to reduce the risk of malicious applications. Exceptions exist for limited distribution apps that can be shared without full verification.

AppWizard

March 11, 2026

X1 Box App Brings Classic Xbox Games To Android, But There’s A Caveat

X1 Box is an Xbox emulator available on Android for .99 through the Google Play Store. It is a fork of the open-source Xemu emulator, with its source code publicly available on GitHub. The decision to monetize X1 Box without compensating the original developers has raised ethical concerns. The Xemu team is developing their own dedicated Android version. Performance evaluations indicate that X1 Box has inconsistent performance, often capped at 30 frames per second, which affects gameplay.

AppWizard

March 11, 2026

New BeatBanker Android malware poses as Starlink app to hijack devices

A newly identified Android malware called BeatBanker disguises itself as a Starlink application on fake Google Play Store websites. It functions as a banking trojan and includes Monero mining capabilities, allowing it to steal credentials and manipulate cryptocurrency transactions. Researchers at Kaspersky traced BeatBanker to campaigns targeting users in Brazil. The latest version uses the BTMOB RAT for remote access, enabling keylogging, screen recording, camera access, GPS tracking, and credential capture. BeatBanker is distributed as an APK file that decrypts and loads hidden code into memory, conducting environment checks before activation. It presents a fake Play Store update screen to trick users into granting permissions for additional payloads. To avoid detection, it delays malicious operations and plays a nearly inaudible MP3 file to maintain persistent activity. The malware uses a modified version of the XMRig miner to mine Monero on Android devices, connecting to mining pools through encrypted TLS connections. It can start or stop mining based on device conditions and uses Firebase Cloud Messaging to relay device information to its command-and-control server. Currently, BeatBanker infections have only been observed in Brazil, but there are concerns about its potential spread. Users are advised to avoid side-loading APKs from untrusted sources and to review app permissions regularly.

AppWizard

February 19, 2026

Massiv: When your IPTV app terminates your savings

Massiv is an Android banking Trojan that disguises itself as legitimate applications, primarily targeting users in southern Europe. It is distributed through side-loading and is capable of remote control over infected devices, enabling Device Takeover attacks that can lead to unauthorized banking transactions. Massiv often masquerades as IPTV applications to attract users seeking online television services. The malware employs overlay functionality to create deceptive screens, keylogging to capture sensitive information, and SMS/Push message interception. It can monitor applications on infected devices and present fake overlays to prompt users for sensitive data. Notably, it has targeted the Portuguese government application gov.pt and connects with Chave Móvel Digital, a digital authentication system, to access victims' banking accounts. Once it captures sensitive data, Massiv allows operators remote access to the device using Android’s AccessibilityService, facilitating real-time observation and manipulation of the user interface. It communicates over a WebSocket channel and supports screen streaming and UI-tree modes for enhanced control. Massiv's distribution includes malware droppers that initially do not contain malicious code but open a WebView to an IPTV website while the actual malware operates in the background. This tactic has increased in recent months, particularly in Spain, Portugal, France, and Turkey. Indicators of compromise include specific SHA-256 hashes and package names associated with the malware. The bot commands allow operators to perform various actions on the infected device, such as clicking coordinates, installing APKs, and showing overlays.

AppWizard

February 17, 2026

New Keenadu backdoor found in Android firmware, Google Play apps

A sophisticated Android malware named Keenadu has been discovered embedded in the firmware of various device brands, compromising all installed applications and granting unrestricted control over infected devices. It employs multiple distribution methods, including compromised firmware images delivered over-the-air, access via backdoors, embedding in system applications, modified applications from unofficial channels, and infiltration through apps on Google Play. As of February 2026, Keenadu has been confirmed on approximately 13,000 devices, primarily in Russia, Japan, Germany, Brazil, and the Netherlands. The firmware-integrated variant remains dormant if the device's language or timezone is associated with China and ceases to function without the Google Play Store and Play Services. While currently focused on ad fraud, Keenadu has extensive capabilities for data theft and risky actions on compromised devices. A variant embedded in system applications has limited functionality but elevated privileges to install apps without user notification. The malware has been detected in the firmware of Android tablets from various manufacturers, including the Alldocube iPlay 50 mini Pro. Kaspersky has detailed how Keenadu compromises the libandroid_runtime.so component, making it difficult to remove with standard Android OS tools. Users are advised to seek clean firmware versions or consider replacing compromised devices with products from trusted vendors.

BetaBeacon

February 10, 2026

Download Google Play Store (free) for Android, APK and Web App

The Google Play Store is essential for Android users to access a wide collection of trusted and regularly updated applications.

Winsage

January 31, 2026

I tried QuickLook for Windows, and now I won’t give it up

The author transitioned from Windows to Mac and discovered macOS features like Spotlight Search, Hot Corners, a built-in file converter, and QuickLook, which enhanced their user experience. Upon returning to Windows, they sought alternatives and found the QuickLook app, which allows users to preview files by selecting them and pressing the space bar. QuickLook can be downloaded from the Microsoft Store and operates system-wide, enabling previews of various file types, including documents, images, media files, and compressed ZIP files. The app also allows basic modifications, such as editing text in Word documents and cropping images. QuickLook improves file browsing in Windows File Explorer and Open/Save dialog boxes and supports plugins for specialized file types.

BetaBeacon

January 7, 2026

Google Updates Play Store Policies for Paid Game Trials on Android

The Play Store version 49.6.19-29 hints at a new feature that could revolutionize the way users interact with paid Android games. This feature would allow users to test premium games for free for a limited time, essentially turning them into timed demos without the need for additional apps or features.