Request: open source the APKM format

[AndroidDeveloperLB]

I just noticed that the APK-mirror app was published: https://twitter.com/ArtemR/status/1241436033801048064 https://play.google.com/store/apps/details?id=com.apkmirror.helper.prod

However, I noticed that it requires APKM file, which doesn't seem like a standard any app can use. Not even the SAI app. Not only that, but it's not a known zipped/compressed file. I can't get inside of it and do anything with its content (example is delete what's not needed to have just what I need, or have a mod of it, etc...) on the PC, let alone on Android. And, as opposed to SAI, this app isn't open sourced so nobody can see how to handle this file. It's not nice to create a split APK file format that nobody else can use. There are already too many of those standards, and APK mirror is very popular. I expected APK mirror to lead on this and create something that everyone would follow. Going to APK mirror website, downloading single APK files was free for all and users could use the APK file right away. It would be a shame going from something that worked for all, to something that requires an app. Let Android installs be free... If there is an app that offers it (SAI) and even websites that do it (such as APKpure), why should the beloved APK mirror website not have it?

Remember this: https://xkcd.com/927/

Please open source this format or document it, or at least give users the choice on the website to download a zip file of the APK files, just like SAI app allows to handle , so that users could always choose which app to handle split-apk files.

EDIT: requested from Google to make an official standard, here. Really hate that each website/app/service decides on some random standard of its own. Whoever reads this, please consider starring it.

[rodger-rulez]

+1

[AndroidDeveloperLB]

I've updated the question to hold a request from Google, to have an official standard for this. Really hate having multiple standards

[archon810]

Hi,

We understand this concern and knew some people wouldn't be happy with our decision, but we're not going to open source .apkm at this time. There are several reasons for choosing an encrypted format that cannot be modified or extracted without the app, the biggest one being copycat sites that have popped up since APKMirror.com came out and gained popularity, and have been lifting not only our site design and structure, sometimes to a T, but also the hosted content.

For example, apkdot.com constantly jacks all content from APKMirror.com - design and APKs alike:

We tried playing the cat and mouse game of trying to detect their scrapers and blocking them, but they regroup and find new ways to get around the blocks. There are countless other sites that do the same.

I realize these APKs don't belong to us and there's a certain amount of hypocrisy in my statement, but nevertheless I eventually got tired of fighting that battle, and the .apkm file format is our solution to this problem.

Once again, I realize that not everyone will like this development, and I'm sorry to disappoint those people, but as I mentioned we put a lot of thought into this decision, and we sadly can't appease everyone.

[AndroidDeveloperLB]

Well you can put a login into the website, so that it would require real users. When someone seems to download too many files, you can limit it and require CAPTCHA or even ban for a long time in case you think it's a scrapper.

As for cat and mouse, you moved it to the users instead. Whoever scrapes your APKs won't have it hard compared to users. Now nobody can use APKM files except in the app. It doesn't mean at all that it's impossible to extract the APK files from APKM. People can extract the APK files after installing them using the app, by getting to the public paths of the installed apps. And this is the naive solution. I'm sure whoever wants it so dearly could reverse engineer. Installing split APKs is not something that's so hard. I already found about this on StackOverflow.

Here, tested Netflix, and got the APK files from APKM. :

Makes sense. After installing, it's still APK files.

You chose to be even more closed than APKpure website. Really disappointing of your guys. You used to be offering APKs that are found for free outside. If server bandwidth was an issue you could use Magnet links or something. APK files are a standard that's a part of Android framework. APKM isn't. Using a zipped file I could choose for example to modify and save only part of the APKs.

With APK files, a file manager app could show icons of the apps. Now it can't. With open sourced formats, it can.

Not only that you've made a new closed format, but you require a payment (and a subscription!) to install apps or force us to wait for it. For something that was quick and easy, of normal APK files. Of open sourced (granted, hard to learn and handle, but still open sourced) and free format.

Now nobody could leverage it, not for you and definitely not for users. I don't think you will make some libraries to handle this now.

I hope Google will make its own standard. Maybe then you will change your mind and have a proper handling of APK files.

[patrickdrd]

+1

[AndroidDeveloperLB]

In fact, I think the website "APKPure" got even more APKs inside its files. What's the advantage of APK mirror installer at all, or of its APKM file format?

[the4anoni]

apkm is for me nothing anything other than big jump for money. AD-supported installer with not cheap subscription (!) option to remove ads. It's still possible to run a bot which would automatically install apkm, repack it to apks and upload it to someone copycat site. It's more about money than these copycat sites.

[TPS]

@Archon810 Y'all do realize that deleting comments from a GitHub issue doesn't prevent those from being sent out via e-mail, right? So far, the only comments missing from the site, but received via e-mail, seem to be those that make more sense than .APKm!

[AndroidDeveloperLB]

I don't think they can remove comments. Can they? It's not their website. I think only Github can do it.

[archon810]

@TPS I'm sorry, which comments are you talking about? The last several days have had so many things happen, I don't remember everything, but I don't think I deleted any comments unhappy about .apkm here.

[AndroidDeveloperLB]

@archon810 So it's possible to delete comments of others?

[TPS]

Here, there are now missing salient comments from "Mr Dodojo":

but it's easy AF to remove the "encryption" on the .apkm files so it almost has no purpose once again.

@AndroidDeveloperLB Deleting comments is available to the commenter, repo owner, & the repo's designated collaborators, @ least.

[archon810]

Found the audit log. The user deleted their own comment.

[TPS]

@archon810 I apologize unreservedly. 🙇🏾‍♂️

It is still an apropos comment, though.

[MrDodojo]

edit: I didn't say what I just said here bad memory bad memory But also someone already made a .apkm to .zip / normal people split apks file.

[TPS]

But also someone already made a .apkm to .zip / normal people split apks file.

@MrDodojo Ooh, do you have a link to that?

[MrDodojo]

Ooh, do you have a link to that?

https://github.com/souramoo/unapkm (https://twitter.com/YTVanced/status/1243295907988283393)

[TPS]

Well, that didn't take long. Thanks!

[AndroidDeveloperLB]

Looking at how inefficient it works (on APK-mirror app and of course on this one), I don't see a point in using APKM format. It takes about 4 seconds to get to the content of a 24MB file. Takes more on larger files. On a zipped file, it's practically in an instant. I've created a new request to ditch APKM file format, here: https://github.com/android-police/apkmirror-public/issues/119 Please consider starring it.

[MrDodojo]

.APKM is unnecessary and we all know it

[Mardiie]

Bye apkmirror. Suck a dick! Thanks for the unapkm tool.

[TPS]

@Mardiie Hey, be nice. Everyone should be allowed mistakes, just as long as they realize soon after & fix them, as APKMirror is in-process of doing.

[ghost]

I took a look at the format myself and made a nice minimal script to decrypt it (https://gist.github.com/nm111/aa86b20797989f13f858413dc3ac8289). Also the reason the performance is so bad is because they are using Argon2 KDF with MEMLIMIT_MODERATE with a hardcoded key (lol).

[AndroidDeveloperLB]

@nm111 So it's not the code's fault, then. It's the format itself that causes it...