anfreire / updateMe-Mobile

Apache License 2.0
Don't rely on VirusTotal to determine if an app is secure #41

Closed Lenni-builder closed 2 months ago

Lenni-builder commented 2 months ago

Even if apps are clean according to the AVs VirusTotal has, they can still include things like token grabbers for the accounts inside of the app. Antiviruses are mostly looking for malicious code trying to access other parts of your device, not things like token grabbers inside of the apps. The sources of most apps seem very sketchy, even the ones marked as "safe". Take a look at #40 as well.

anfreire commented 2 months ago

Thank you for your follow-up concern regarding potential security risks in modded APKs. I appreciate your vigilance in this matter.

You raise a valid point about the limitations of antivirus scans, particularly when it comes to issues like token grabbers within apps. As a fellow modded APK user, I agree that scanning on VirusTotal is a better practice than installing apps without any checks. However, you're correct that even this method isn't foolproof.

Given your concerns, I'm curious: do you have any other viable suggestions for improving security when using modded APKs? I'm always open to ideas that could enhance user safety.

I'd like to reiterate the purpose of Update Me:

  1. It's a tool that collects and provides links to modded APKs, updated daily.

  2. It's designed to simplify the process of finding newer versions of modded apps.

  3. The app itself doesn't build or patch APKs; it's merely an aggregator of links.

  4. This is a non-profit project. I don't receive any payment for this service.

  5. The code, including the scraping script, is open-source for transparency.

The app was created to address a need I personally experienced as a modded APK user. It's a free tool meant to help others who engage in similar practices, with the understanding that users take responsibility for their downloads.

Lenni-builder commented 2 months ago

Thank you for that comprehensive answer, it answered most of my questions. One additional thing: Why do you mark apps from providers that probably spread malware as secure? An example I found is APKDONE: multiple apps there aren't marked as secure/detected by VirusTotal, but you still marked it as a secure source for some other apps:

anfreire commented 2 months ago

To clarify, I don't personally mark any apps as secure or unsafe. This process is entirely automated:

  1. Our scraping script fetches the apps from various sources.
  2. It then checks each app using the VirusTotal API.
  3. If there's even a single suspicion reported by VirusTotal, the script automatically marks the app as unsafe.
  4. Only if VirusTotal reports no suspicions at all is an app marked as safe.
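
The rule in steps 3 and 4 above, as an added example that is not part of the thread and is not the project's scraping script, applied to the `last_analysis_stats` block of a VirusTotal API v3 file report. The sample reports are constructed, and the `no-detections` and `unknown` labels and the `MIN_ENGINES` threshold are assumptions of this example: they keep "nothing flagged" and "not really scanned" apart from any claim that the app is safe, which is the limitation raised in this issue.

```python
# Assumption of this example: require this many engines to have returned a
# result before "nothing flagged" is treated as a meaningful scan outcome.
MIN_ENGINES = 10

def classify(report: dict) -> str:
    """Map a VirusTotal v3 file report to 'unsafe', 'no-detections' or 'unknown'."""
    stats = report.get("data", {}).get("attributes", {}).get("last_analysis_stats")
    if not isinstance(stats, dict):
        # Error body (file never submitted) or analysis not finished yet.
        return "unknown"
    flagged = stats.get("malicious", 0) + stats.get("suspicious", 0)
    if flagged > 0:
        # Step 3 of the comment above: a single suspicion is enough.
        return "unsafe"
    completed = stats.get("harmless", 0) + stats.get("undetected", 0)
    if completed < MIN_ENGINES:
        # Mostly timeouts or failures: zero detections carries no information.
        return "unknown"
    # Step 4 would say "safe"; this label only states what was observed.
    # A scan with no detections says nothing about in-app credential theft.
    return "no-detections"

def _report(**stats) -> dict:
    """Build a constructed report with the v3 nesting around the given stats."""
    return {"data": {"attributes": {"last_analysis_stats": stats}}}

# Constructed sample reports (not real scan results).
SAMPLES = {
    "one_suspicion": _report(malicious=0, suspicious=1, undetected=62,
                             harmless=0, timeout=2, failure=0),
    "nothing_flagged": _report(malicious=0, suspicious=0, undetected=65,
                               harmless=0, timeout=0, failure=0),
    "mostly_timeouts": _report(malicious=0, suspicious=0, undetected=3,
                               harmless=0, timeout=40, failure=20),
    "never_submitted": {"error": {"code": "NotFoundError",
                                  "message": "constructed sample"}},
}

def classify_all() -> dict:
    """Return the label for every constructed sample, keyed by sample name."""
    return {name: classify(report) for name, report in SAMPLES.items()}

if __name__ == "__main__":
    for name, label in classify_all().items():
        print(f"{name:16} -> {label}")
```
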