Introduction
The apkeep project, a command-line tool for downloading Android packages, has reached its 1.0.0 milestone after more than four years of incremental development. This release does not signify a radical overhaul; rather, it marks a period of stability and maturity. Researchers, developers, and privacy advocates have come to rely on apkeep for its ability to fetch APK files from multiple sources, most notably the Google Play Store and F-Droid. With the 1.0.0 version, the tool introduces several targeted improvements aimed at both everyday users and the academic community.
What’s New in apkeep 1.0.0
The latest release focuses on enhancements for the Google Play Store, adding three key capabilities and fixing a long‑standing authentication bug. These features were largely driven by community requests and research needs.
- Dex Metadata and Cloud Profiles: Users can now download the dex metadata file associated with an app. This file contains a Cloud Profile, which Google compiles from real‑world usage data. The profile provides insights into app performance characteristics—valuable for researchers evaluating dynamic testing results.
- Anonymous Login via Aurora Store Token: apkeep now supports tokens generated by the Aurora Store’s dispenser, enabling anonymous authentication for Google Play downloads. This allows users to bypass log‑in requirements without exposing personal accounts.
- Custom Device Profiles: When downloading from Google Play, the store delivers different APK variants depending on the device’s specifications (e.g., screen density, Android version, chipset). apkeep now lets users specify their own device profile, ensuring they receive the exact variant intended for a particular hardware configuration.
- Bug Fix: An authentication issue introduced by an update to the Play Store API has been resolved.
Beyond these features, apkeep is now available via Homebrew for macOS users, adding to its existing support for Linux, Windows, and Android environments.
How Researchers Use apkeep to Understand the Android App Landscape
The new dex metadata feature directly supports research into Android compilation profiles. These Cloud Profiles, typically hidden from users, can reveal how apps behave in real‑world conditions—information crucial for evaluating the effectiveness of dynamic analysis techniques. Researchers contributed this feature to apkeep after identifying it as a gap in existing tools.
Several projects have integrated apkeep into their workflows. Exodus Privacy, a well‑known privacy monitoring platform, uses apkeep as the download engine behind its εxodus tool. This allows Exodus to automatically fetch apps and examine their trackers and permissions. Similarly, academic papers have cited apkeep; one team downloaded over 21,000 apps to conduct a large‑scale study of evasive malware on Android. apkeep’s reliability and speed made it the backbone of that data collection.
The tool’s command‑line interface makes it ideal for automated scripts and batch processing, which are common in research environments. Researchers can integrate apkeep into their pipelines to gather APKs from multiple stores without manual intervention.
What’s in Store for apkeep
The project’s core mission remains unchanged: providing a fast, reliable, and safe way to download apps from diverse app providers. While the Google Play Store is the primary focus, apkeep already supports open‑source repositories like F‑Droid. The team plans to expand that list, making it easier to perform comparative analyses of apps across different distribution contexts.
Future development will depend on community input and contributions. The goal is to create a universal downloader that works seamlessly with any Android app store, enabling researchers to gather app data without being locked into a single vendor’s ecosystem.
How You Can Help
If you use apkeep—whether for malware analysis, app auditing, or simply for archiving—the developers want to hear from you. Feedback helps shape priorities and uncover new use cases. Additionally, if you appreciate the tool, consider supporting the organization behind it: the Electronic Frontier Foundation (EFF). Donations directly fund the maintenance and improvement of apkeep and other privacy‑preserving projects.
Contributions are also welcome in the form of code, documentation, or feature requests. The more people who rely on apkeep, the stronger the tool becomes for everyone.