[aptoide] Untrusted *again*?

After recently breaking my Xperia X I finally had no choice but to upgrade to an Xperia 10ii (it is much better than I expected though I would still have preferred a less high device) and am currently setting everything up.

I installed the aptoide store and updated it, after this I was constantly being shown ads and it also seems that the apks found are not what they are supposed to be, specifically I tried finding whatsapp and I got something that was not whatsapp that was 5 times the size of the apk I then downloaded from apkpure/directly from whatsapp.

As I recall we had a breach issue with this store not too long ago as well, could it be we are looking at another such issue?

Can we somehow flag these “bad actors”?

Should Jolla continue to push aptoide if they continue to endanger us?

4 Likes

Aptoide was great and trustworthy at the start, but now I wouldn’t trust it any more than “downloadfreeapksnovirus.com”.

I suggest using the Aurora Store, which is available on F-Droid and gives you access to everything that’s available on the Play Store. You can access it with, and more importantly also without, a Google account, and the only shady applications you’ll find are the ones Google allows in the Play Store.

I agree Aptoide should be removed from the Jolla Store entirely to prevent anyone from accidentally installing malicious applications.

7 Likes

@vige Can Jolla remove the malicious store from the Jolla store and stop recommending it during a clean install?

“Fool me once shame on you, fool me twice shame on me” comes to mind here.

5 Likes

Has that Whatsapp entry in Aptoide had the “✅ TRUSTED” shield box next to its icon?

@sledges as far as I recall it was the only whatsapp being offered.

I have removed aptoide since it was clearly pushing viruses and currently obtain the apk either directly from the source if they offer direct downloads on their website (whatsapp) or from other more trusted sources.

Yes, the current version of Whatsapp on Aptoide is marked as Trusted software:

@Steve_Everett That looks like a screenshot from the website and not from the store client.

That is true. I do not use (and will not use for the reasons stated) Aptoide on my phone. I had assumed the app and the web site would offer the same view of the store, but thinking about it more I’m probably wrong in that assumption because the app will presumably only offer app versions that will run on the phone (architecture and OS version).

Just ignore my previous post!

I just checked: the WhatsApp Messenger offered in the Aptoide app is of correct size and content.

Against all my better judgement I installed the Aptoide store on my phone again, unlike last time I was unable to update the app after installation and it seems the un-updated client actually behaved.

This could mean that the problem only exists in the updated client, or that there was a second transitory issue in August when I tried it.

Though both these options mitigate the severity of the issue a bit, they by no means resolve it.

  • If the issue is in the updated client then the mere fact that they are (still) pushing this update is severe and warrants not trusting them any more.
  • If the issue was transitory though “less severe” it still casts serious doubts on the trustworthiness/security of aptoide since they seem to have had this issue multiple times.

Why would SFOS offer one or more particular app stores or recommend using them?

Seems the best is to offer Android support and let the user install the store according to preferences. Or add multiple stores, and not recommend one in particular in the documentation.

For example, Fdroid, Amazon app store, or Huawei app gallery all seem more trustworthy than Aptoide.

I don’t know why, but in practice aptoide and F-droid are offered through the Jolla store while others are not.

As I recall aptoide used to be pushed more actively with Android Support in the past.

Wasn’t there a Jolla-curated Aptoide store thing with apps they’d put on there?
The point of which was to have a trustworthy source of apps, as long as you stayed in the Jolla section.
In practice, I was often tempted to search the full store and an eager, uncareful user might easily download unverified software.
Which is why I prefer Aurora these days.

Since the community meeting, there was an additional update in Jolla’s help desk:
How do I install Aptoide Store and Android apps from it? – Jolla Service and Support

Jolla offers a set of marketplaces (Android app stores) that have been agreed with their vendors, as 3rd party offering.

To sum up, the article states that if you notice anything untoward with any store, you should contact its customer support.
While Aptoide may have an unsatisfactory track record compared to other stores, none of them are immune to being compromised in the future, and it’s our duty as a community to report such cases, so they are rectified, and patched up, preventing further exploits.

1 Like

That was actually just a carbon copy of Aptoide’s official ‘apps’ repo, with one single app missing. It was rather pointless, to be honest.

2 Likes

Didn’t want to start a new thread so I’ll ask my potentially silly question here.

If I download whatsapp apk directly from whatsapp website the version is currently 2.21.24.23. When I search through aptoide they will offer version 2.22.1.10 and there are also loads of different but also bigger version numbers compared to the official version.

At least last time I tried, if I install the official version manually, aptoide starts offering updates to these newer versions. Can they be trusted or how can I verify them to be legit?

What version does Aurora offer?

2.21.24.22 it does

If you download the official apk, better keep track with the whatsapp website and their updates. You’ll get official genuine updates and whatsapp keep their app up to date.

I usually avoid Aptoide all the time, and if I use a store it’s Aurora because it connects to the play store (or better FDroid when an app is available there).

What about APKpure? Any experiences?