Google Play Store is the default place to get most of the apps you need on your Android. However, there are some apps that you want for free or simply it’s not on the Play Store. Therefore, we download the apps from random websites as APK files and install them on our device. But what about security? Is it safe to download and install a third-party app on your device?
Of course, not, people tamper with apps and merge malicious files with it. Then they social engineer the app and use it to hack and exploit people. There are many people whose mobile has been hacked, and they don’t even know it. It is very unfortunate that people lost their privacy and didn’t even know it, but can we prevent this?
Table of Contents
How To Find Whether An APK File Is Safe Or Not?
For those who are concern about the security of their mobile phone, we have a solution. However, it is most important that you use your brain first. If you are careful enough not to download any shady application from a shady site, you will be safe; however, if there is an important app that you want to install but sure whether it’s safe or not. Then just follow the solutions mentioned below. You can only use one method to ensure whether it’s a safe app or not.
Method 1: Checking Hash
Hash is kinda like a digital fingerprint of the app. Checking it will tell you whether the app has been modified or not.
To check the HASH of the APK file, firstly go to the Google Play store, search for HashDroid, and install the application.
Launch the HAshdroid app, go to the Hash A File tab, select a Hash Function such as SHA-256, MD5, SHA-1, etc.
After you have selected the hash function, click on the Click here to select a file to hash option and upload the APK file that you wanna check. Lastly, click on the calculate button, and the result will be displayed shortly.
Click on the Copy checksum to clipboard because we are gonna need that info to determine whether its a safe app or not.
How can we tell that the APK file is safe just by looking at the Hash? Well, there is one more thing that you must do after you have checked the hash. Open up the web browser on your device, and go to the APKTOVIChecker Tool website.
Now Click on the Click upload APK file button and upload the suspected APK. Wait for the service to check it’s hash, and you will get the result in SHA1 hash.
The service will automatically tell you whether the app file has been modified or not.
You must check both the checksums. If both are similar, the app has not been modified and safe. If the checksums are not similar, the app has been modified, and it’s risky to install the app.
Method 2: Scanning the APK with VirusTotal
VirusTotal is one such Website that enables you to upload the APK on the website and check whether the app is safe or not. The service as a huge library of viruses and malicious files. So it will pick up any suspicious code or file related to the APK and file and will notify you. Moreover, you can also analyze the URL, IP, etc. using the VirusTotal service.
To use it, simply open up your browser and go to the VirusTotal webpage, click on the Choose File button upload the APK file. Once uploaded, click on the Scan it button, and you will get the result shortly.
VirusTotal uses multiple antivirus engines so it can detect a wide range of malicious files. However, the site only allows you to upload 128MB of files, so you won’t be able to scan apps that are larger than 128MB.
Method 3: Scanning the APK with MetaDefender
Respective to VirusTotal, MetaDefender is an alternative; however, the service provides with you much more details of the scan. Even more, there are no size limits. Therefore you can also check large games and apps on this site.
If you have used VirusTotal to check the APK file, check it with MetaDefender to make sure that the application is completely safe.
To check your APK, visit the MetaDefender site, click on the Paper clip icon in the Search box.
Upload the APK file to the website, and click on the Blue Process button to start the process.
You will get the result shortly, and then you can determine whether the app is safe or not.
To check whether the APK file is safe or not, firstly go to the Google Play store and download Hashdroid. Using Hashdroid, you can check and compare the hashes of the app. Moreover, you can match the result with another service such as Apktovi checker Tool. Match both of the hash results. If both are similar, it means the app is safe and not modified.
Lastly, you can use the services like VirusTotal or Metadefender to check if there is any malicious file embedded to the APK, so open up the web browser, go either one of the services, upload the APK file and see the results. Also, you can check the hash first, then check it with the Virus total, compare the hash to be extra sure.