apkeep 1.0.0: A Major Milestone for Android App Downloading and Research

Introduction

After more than four years of steady development, the command-line Android package downloader apkeep has reached a significant milestone with its version 1.0.0 release. This update does not introduce a radical overhaul but rather marks a point of stability and maturity, reflecting the gradual improvements made since the project's inception. Researchers and casual users alike now have a reliable tool for downloading Android packages from multiple sources, with a strong focus on the Google Play Store.

What's New in Version 1.0.0

The latest release packs several enhancements, all centered on improving the Google Play Store experience:

• Download Dex Metadata with Cloud Profiles: Users can now retrieve a dex metadata file associated with an app that contains Google's Cloud Profile. This file provides insight into app performance based on real-world usage, a valuable resource for dynamic testing and analysis.
• Anonymous Login via Aurora Store Token: A new option allows users to provide a token generated by the Aurora Store's dispenser, enabling anonymous authentication for app downloads without exposing personal credentials.
• Custom Device Profiles: When downloading from Google Play, users can specify their own device profiles. Google Play uses this information to deliver the app variant that best matches the given device specifications.
• Authentication Bug Fix: A bug introduced by recent changes to the Play Store API has been resolved, ensuring smoother downloads.

Additionally, apkeep has been included in Homebrew for macOS users since the October release, expanding its accessibility beyond Linux, Windows, and Android environments.

How Researchers Leverage apkeep

The new features, particularly the dex metadata retrieval, were driven by requests from researchers. They use this data to understand how Android compilation profiles can inform dynamic testing. apkeep has become a staple in many research workflows. For instance, the Exodus Privacy project uses it to power its εxodus tool, monitoring the privacy properties of apps by automating downloads. Several academic papers have cited apkeep; one team even downloaded over 21,000 apps to study evasive malware on Android. This release solidifies apkeep as a dependable component in the researcher's toolbox.

Future Directions for apkeep

The project's core goals remain unchanged: provide a fast, reliable, and safe way to download apps from multiple providers. While Google Play is the primary focus, support has been added for alternative stores like F-Droid, which serves open-source apps. The team aims to broaden support for additional providers, making it easier to perform comparative analyses of apps across different ecosystems. Community contributions are highly encouraged to achieve this expansion.

How You Can Help

If you use apkeep for malware analysis, app auditing, archiving, or any other purpose, the team would love to hear about your use case. Sharing feedback helps improve the tool. And if you appreciate the work behind apkeep, consider donating to the Electronic Frontier Foundation (EFF) to support continued development and digital rights advocacy.