Q&A: Understanding the New apkeep 1.0.0 Release and Its Impact on Android App Research
apkeep, a command-line tool for downloading Android packages, recently reached its 1.0.0 milestone after more than four years of iterative development. This version marks a stable, mature release rather than a radical overhaul. The update introduces several features focused on the Google Play Store, such as downloading dex metadata files, anonymous login via Aurora Store tokens, and custom device profiles. Researchers and enthusiasts have already integrated apkeep into workflows for malware analysis, privacy audits, and large-scale app studies. Below, we explore the most common questions about this release and its role in Android app research.
- What is apkeep and why does version 1.0.0 matter?
- What new features does apkeep 1.0.0 offer?
- How do researchers use apkeep in their work?
- What are the system and platform requirements for apkeep?
- What future plans exist for apkeep?
- How can the community contribute to apkeep's development?
What is apkeep and why does version 1.0.0 matter?
apkeep is an open-source command-line tool that downloads Android application packages (APKs) from various app stores, including the Google Play Store and F-Droid. The version 1.0.0 release is significant because it represents a stable and mature point in the project’s lifecycle after over four years of continuous updates. Rather than introducing groundbreaking changes, this milestone signifies that the tool has been refined enough to be reliable for everyday use. For researchers, this stability is crucial—they can depend on apkeep to consistently fetch apps without unexpected breaks. The release also sets a foundation for future enhancements, as the core functionality is now robust.
What new features does apkeep 1.0.0 offer?
Version 1.0.0 brings several new capabilities, all centered on improving interactions with the Google Play Store. Key additions include:
- Dex metadata downloads: You can now retrieve a dex metadata file associated with an app that contains a Cloud Profile. This profile provides performance insights based on real device usage, helping researchers understand how apps behave under different conditions.
- Anonymous login via Aurora Store tokens: Users can supply a token generated by Aurora Store’s dispenser to log in anonymously for downloading apps, enhancing privacy.
- Custom device profiles: When downloading from Google Play, you can specify your own device profile. The store then delivers the app variant optimized for those particular specifications, ensuring compatibility.
- Authentication bug fix: A bug introduced by the Play Store API has been resolved, preventing download failures.
- Homebrew support for macOS: Since the previous release in October, apkeep has been available via Homebrew, making installation easier for Mac users alongside existing Linux, Windows, and Android support.
How do researchers use apkeep in their work?
Researchers have been instrumental in shaping apkeep’s features, particularly the new dex metadata download option. They use this to analyze Android compilation profiles, which are rich sources of information for dynamic testing and performance evaluation. For instance, the privacy auditing project Exodus Privacy relies on apkeep to power the εxodus tool’s app downloads, enabling large-scale monitoring of app privacy properties. Another research team cited apkeep in a whitepaper where they downloaded 21,154 apps to study evasive malware behaviors in the Android ecosystem. By providing a fast, safe, and reliable way to acquire apps from multiple stores, apkeep becomes a critical component in the researcher’s toolkit for understanding the Android app landscape.
What are the system and platform requirements for apkeep?
apkeep is designed to run on multiple operating systems. Supported platforms include:
- Linux (distributions with standard package management)
- Windows (via precompiled binaries or building from source)
- macOS (available through Homebrew as of version 1.0.0)
- Android (through Termux or similar environments)
Since it is a command-line tool, users should be comfortable with terminal operations. There are no heavy hardware requirements—apkeep works on modest machines. The only dependency is an internet connection to access app stores. For Google Play downloads, users may need to provide authentication tokens or use the anonymous login feature. The tool is written in Rust, ensuring good performance and memory safety across platforms.
What future plans exist for apkeep?
The development team’s goals have remained consistent: to provide a reliable, fast, and safe way to download apps from multiple providers. While the Google Play Store is the primary focus due to its dominance, the project has already expanded to support other stores like F-Droid for open-source apps. Future plans include broadening the list of supported app providers, enabling easier comparative analysis of apps across different contexts. The team welcomes contributions from the community to help integrate new store backends. Additionally, they aim to maintain compatibility with evolving store APIs and to keep the tool free from unnecessary bloat. Long-term, apkeep could become a standard utility for anyone needing to archive or analyze Android apps.
How can the community contribute to apkeep's development?
There are several ways to get involved. If you use apkeep in your own projects—whether for malware analysis, privacy audits, or simply app archiving—the developers encourage you to share your experiences and report any issues. Contributions to the codebase are particularly welcome, especially for adding support for new app stores or improving existing features. The project is open-source, and its repository is available on GitHub. For those who cannot contribute code, financial support is also valuable. The development is backed by the Electronic Frontier Foundation (EFF), so donations to EFF help sustain the work. In summary, every bit of feedback, code, or funding helps ensure apkeep remains a powerful tool for the Android research community.