Android - How safe is it to use Aptoide?

Thank you for raising these questions. Here is some information about Aptoide that I hope is useful for you and the Stackexchange/Android community:

  1. Malware is something that we take very seriously. Currently, we have 3 different systems to detect malware as they arrive in any Aptoide-powered app store:
    • we run 3 different anti-virus in emulators in run-time
    • we have an in-house system of signatures to detect recurring threats
    • we have implemented a chain of trust based in the signature of the developer
  2. The task of creating a safe environment to the end user is a moving target. We are working with several universities and research centres and in a recent article (not yet published) we compare well with the other app stores. We also proposed a European research project with 2 anti-virus companies and 3 universities / research centres to deal with this topic. There is a lot of work to be done and the feedback of the community is important.
  3. F-Droid is in fact very similar to Aptoide. They are a fork of Aptoide and they maintain all the concepts we developed, like multiple stores. They have a more centralised approach and a central signature which if of course different from our approach.
  4. At Aptoide we have the "Trusted" stamp. If you see the Trusted stamp in an app, we are 99.99% certain that the app doesn't contain a threat to the end-user.

Best,
Paulo Trezentos (Aptoide co-founder)


After Paulo's answer, some more mail exchanges with him, I already wrote a detailed description in my answer to another question – and also in an article on my own site: Android Markets: How safe are alternative sources?

Following that, I kept a close watch on Aptoide ever since then, and still do – so let me add a few more details (including some points already mentioned before, for context):

  • Aptoide is not a "single area for apps" like Google Play or the Amazon App-Store. It's rather comparable to what Launchpad is for Ubuntu: Everyone and his little sister can open their own repository here, which is presented as a "store" separated from the others. There's a global search (for apps and stores), though.
  • There's only one repository which is "manually curated" by Aptoide itself, called "Apps". Here the Aptoide team decides what apps are entering the repository. Here I …
    • didn't find a single "pirated payed app", be it for money or for free
    • checked the signatures of some apps and found them matching those from Google Play for all I checked
    • don't remember any app without the "trusted" stamp (meaning, the so marked app has been checked for malware with multiple scanners (including Aptoide's own "bouncer"), signatures have been verified to match those of other markets (mostly Google Play), and more – see my already mentioned other answer for details on this)

So my conclusion is in fact it is pretty safe to use this repository.

However, I've also taken a look at several of the other repositories – where you indeed can find lots of obviously "pirated apps" (payed apps from GPlay "for free" are always a signal for that). At those places, not only was the "trusted" stamp missing often – but instead I frequently found the "untrusted" stamp – which means the app was probably contamined (details differed; most often I found the signature to be the issue: "it was used elsewhere to sign another developers package" is 99% sure to indicate a "hack").


Summed up: A general answer cannot be given here (that would be answering the question whether "the Earth" is a safe place to live). How safe it is to use Aptoide pretty much depends on your choice of the repository. One is known to be manually curated and, I dare say, as safe as Google Play, Amazon App Store, and others. A few can be assumed as pretty safe – especially if you know so about their owners, and stick to apps showing the "trusted" shield.

Avoid apps not being assigned the (currently green) "trusted" shield, especially stay well clear of those showing the (currently yellow) "untrusted" shield, best also stick to the Apps repository alone – and Aptoide should be a safe place for you.

I consider the Apps repository safe enough to link it from my app lists – next to F-Droid and Google Play.


Aptoide is a known piracy site for Android apps. If you think any site that knowingly distributes pirated software is safe, you are being pretty optimistic.