digital signature Archives

AppWizard

December 1, 2025

Popular YouTube app for Android TV ‘SmartTube’ compromised with malware

The developer of SmartTube, an ad-free YouTube client for Android TV, confirmed a security breach involving the app's signing key, which allowed malicious actors to inject harmful code into app updates. The breach was disclosed by Yuriy Yuliskov, the maintainer, who advised users to avoid reinstalling the old app and instead wait for a newly signed version. A reverse-engineering analysis of the infected APKs revealed that they were gathering sensitive information and transmitting it to a remote server. Versions 28.56 to 30.52 were particularly affected, and Google Play Protect began disabling installations of SmartTube. In response, Yuliskov wiped his hard drive and released a new version, 30.56, with a different signing key and app ID. Transparency concerns remain, and the developer plans to disclose details about the breach and measures to prevent future incidents. Users have requested additional security assurances, including hashes of clean builds.

AppWizard

December 1, 2025

That popular YouTube alternative on Android TV was secretly distributing infected builds

SmartTube, a popular YouTube application for Android TV and Fire TV, was removed from these platforms due to malware that compromised the developer's build machine. Some versions released earlier this month contained this malware. Users are advised to reset their devices and review their YouTube and Google account information. Initially, it was thought that a digital signature leak was the reason for the app's removal, but it was later confirmed that the build environment was compromised. The developers are investigating which specific versions were affected, with versions 30.43 and 30.47 flagged as malicious. A new version, build number 30.56, has been released from a secure environment, but previous versions have been removed from GitHub. Users are recommended to perform a factory reset, review account permissions, and check YouTube activity for unusual activity.

AppWizard

December 1, 2025

SmartTube app was infected by malware, here’s what happened

Google Play Protect disabled the SmartTube app on Android TV, labeling it as potentially harmful due to a compromised digital signature. The developer, Yuliskov, confirmed that the signature breach allowed for the creation of counterfeit app versions that could carry malware. A user discovered that SmartTube version 30.51 contained a hidden library that collected device-specific information and transmitted it to external servers, raising concerns about botnet activity. Certain versions of SmartTube, specifically 30.43 and 30.47, were confirmed to have been compromised due to malware on the developer's computer. Users were advised to uninstall infected versions, including 28.56, 28.58, 28.66, 28.75, 28.78, 29.13, 29.37, 29.62, 29.63, 29.85, 30.27, 30.32, 30.38, 30.40, 30.43, 30.44, 30.45, and 30.51, and to download the newly released safe version from trusted sources. Yuliskov assured users that the compromised computer has been cleaned and that new releases are secure.

AppWizard

November 27, 2025

PSA: Google has disabled the best YouTube app on Android TV, but for good reason

Google has disabled the SmartTube app on various Android TV devices, including NVIDIA Shield TV, Walmart Onn boxes, and certain Sony and TCL TVs, due to it being flagged by Google Play Protect. The app's developer, yuliskov, confirmed that the app's digital signature was compromised, prompting plans to transition to a new digital signature and app identifier. Users do not need to uninstall the existing version, but the new version will be released as a separate app requiring reconfiguration. Some users have suggested disabling Google Play Protect to regain access, but it is recommended to keep it enabled for security. The SmartTube app offers features like SponsorBlock support, live chat, picture-in-picture mode, and customizable video quality settings.