How to Use apkeep 1.0.0 to Download Android Apps for Research

Introduction

If you're researching Android apps—whether for malware analysis, privacy auditing, or comparative studies—you need a reliable tool for downloading APKs. The command-line utility apkeep, now at version 1.0.0, has evolved over four years into a stable, mature solution. This milestone isn't about flashy new features; it's about reaching a steady state where researchers can depend on it for large-scale app acquisition. The latest release brings targeted enhancements for the Google Play Store, including support for Cloud Profile metadata, anonymous authentication via the Aurora Store token, and custom device profiles. Researchers have already used apkeep to download over 21,000 apps in a single study, and projects like Exodus Privacy rely on it for their monitoring tools. This guide walks you through the essential steps to set up and use apkeep for your own Android app research.

What You Need

• A computer running Linux, Windows, macOS (for macOS, install via Homebrew: brew install apkeep)
• apkeep version 1.0.0 (or later) – download from its official repository or use your package manager
• An Android device or emulator (optional, for device profile information)
• Internet connection to access app stores
• Basic familiarity with the command line
• For anonymous Google Play access: an Aurora Store token (generated by the Aurora Store app)

Step-by-Step Instructions

Step 1: Install apkeep on Your System

First, get apkeep installed. The method depends on your operating system:

• Linux/Windows: Download the prebuilt binary from the release page, or compile from source if you prefer.
• macOS: Use Homebrew: open Terminal and run brew install apkeep. This keeps the tool updated via your package manager.
• Android: You can also run apkeep on Android devices themselves using a terminal emulator.

Verify installation by typing apkeep --version – you should see 1.0.0 or later.

Step 2: Set Up Anonymous Authentication (Optional but Recommended)

Downloading apps from Google Play often requires a Google account. For research, you may prefer to stay anonymous. apkeep integrates with the Aurora Store token dispenser to allow anonymous logins. Do the following:

1. Install the Aurora Store app on an Android device (or use an emulator).
2. In Aurora Store's settings, generate an anonymous token – a long alphanumeric string.
3. Copy this token to your computer. In apkeep, you'll provide it with the --token flag. For example: apkeep --token "YOUR_TOKEN" ...

This method avoids sharing any personal Google account credentials while still allowing downloads.

Step 3: Specify a Device Profile

Google Play delivers different app variants depending on the device (e.g., different screen densities, architecture). To get the version that matches a specific device, you can define a device profile. apkeep expects a JSON file containing device specifications (model, manufacturer, etc.).

1. Find or create a device profile. You can extract one from a real Android device using tools like adb.
2. Alternatively, use a generic profile provided by the community. Place the JSON file in a known location.
3. Pass it to apkeep with the --device-profile flag: apkeep --device-profile /path/to/profile.json

This step ensures you download the exact APK that would run on that device, which is critical for compatibility testing or reverse engineering.

Step 4: Download an App and Its Dex Metadata

Now for the core action. apkeep can download the APK file plus additional metadata. One valuable addition in version 1.0.0 is the Dex Metadata file, which contains Google’s Cloud Profiles. These profiles describe app performance characteristics based on real-world usage, helping researchers evaluate dynamic behavior.

1. Choose an app you want to download. Use its package name (e.g., com.example.app) and optionally a version code.
2. Basic command: apkeep --package com.example.app --output ./downloads/
3. To include the Dex Metadata, add the --dex-metadata flag: apkeep --package com.example.app --dex-metadata --output ./downloads/
4. The metadata file will be saved alongside the APK with a .dexmeta extension.

Researchers like Exodus Privacy use this feature to analyze how apps perform under different conditions without needing to run them.

Step 5: Download from Other Stores (Alternative Providers)

apkeep supports multiple app stores beyond Google Play. For example, to download apps from F-Droid (open-source repository), use the --store flag:

1. Specify the store: apkeep --store fdroid --package org.fdroid.fdroid
2. You can also download from other providers listed in apkeep's documentation.

This flexibility lets researchers compare the same app delivered via different sources, helping detect modifications or differences in included libraries.

Step 6: Automate Bulk Downloads

For massive studies, you'll want to download hundreds or thousands of apps. apkeep integrates well with shell scripts. Example:

for pkg in $(cat app_list.txt); do
  apkeep --package "$pkg" --dex-metadata --output ./apps/
done

Remember to include rate-limiting to avoid being blocked. The tool is designed for reliability—one research team downloaded 21,154 apps for a malware study using this exact approach.

Tips for Success

• Token refresh: Aurora Store tokens may expire. Generate a new one periodically if you encounter authentication errors.
• Device profile accuracy: Use a profile from a common phone (e.g., Pixel 6) to maximize compatibility. Incorrect profiles may yield partial or missing APKs.
• Rate limiting: Whether using Google Play or F-Droid, add delays between requests. A simple sleep 2 between iterations can prevent IP bans.
• Metadata analysis: The Cloud Profile data in Dex Metadata is especially useful for evaluating obfuscation or performance tuning. Tools like dexdump can further parse these files.
• Contribute back: If you encounter bugs or want to support new app stores, consider contributing to the project. The tool thrives on community input. And if you find it valuable, consider donating to the Electronic Frontier Foundation (EFF) to support digital rights research.