apkeep 1.0.0: A Reliable Command-Line Tool for Android App Research and Analysis

Introduction

After more than four years of incremental development, the command-line Android package downloader apkeep has reached version 1.0.0. This milestone does not signify a radical overhaul; instead, it reflects the project's maturation into a stable, dependable tool for downloading APK files and related app data. Originally built to help researchers and power users access Android applications from multiple sources, apkeep has become a key component in a variety of workflows, from malware analysis to privacy auditing.

This latest release introduces several focused improvements for Google Play Store interactions, along with expanded platform support and important bug fixes. Below, we dive into the new features, how the research community uses apkeep, and what lies ahead for the project.

What’s New in Version 1.0.0

The 1.0.0 release centers on enhancing the Google Play Store integration. Three major additions empower users to download richer app metadata and authenticate more flexibly:

• Dex Metadata with Cloud Profiles – You can now download a dexterity-based metadata file that contains Google’s Cloud Profile data. These profiles provide insights into app performance based on real-world usage, helping researchers evaluate dynamic testing outcomes.
• Anonymous Login via Aurora Store Token – Users can provide a token generated by the Aurora Store’s dispenser to log in anonymously for app downloads. This feature eliminates the need for a personal Google account, simplifying automated or bulk downloads.
• Custom Device Profiles – When downloading from Google Play, you can now specify your own device profile. The store uses this information to deliver the app variant optimized for your particular hardware and software specifications, ensuring compatibility.

Additionally, the team fixed an authentication bug introduced by recent changes to the Play Store API, restoring seamless downloads for users relying on standard login methods. Beyond Google Play, apkeep now supports Homebrew on macOS (since the October release), joining the existing Linux, Windows, and Android environments.

How Researchers Use apkeep to Understand the Android App Landscape

The apkeep project has always been community-driven. Many features in the 1.0.0 release, including the dex metadata download for Cloud Profiles, were contributed by researchers who needed these capabilities for their work. These profiles serve as a goldmine for evaluating dynamic testing—the practice of analyzing app behavior during execution.

Several high-profile projects and academic papers cite apkeep as an essential part of their toolkit. For example:

• Exodus Privacy uses apkeep to power the εxodus tool, which monitors the privacy properties of Android apps by downloading and analyzing their APK files.
• A research team downloaded 21,154 apps using apkeep in a large-scale study of evasive malware, demonstrating its reliability for bulk downloads.
• Static and dynamic analysis tools for Android often integrate apkeep to fetch apps directly from the command line, streamlining research pipelines.

The tool’s simplicity—running as a single command-line binary—makes it ideal for automation in CI/CD pipelines or large-scale data collection. Researchers value its speed, reliability, and safety, ensuring that downloads do not introduce malware or unwanted dependencies.

What’s in Store for apkeep

The core goals of apkeep remain unchanged: provide a fast, safe, and reliable way to download apps from multiple providers. While the Google Play Store dominates the Android ecosystem, the project has already expanded to support F-Droid, a repository for open-source apps. The team plans to broaden this list further, enabling comparative analysis of apps distributed through different channels.

Future updates may include support for alternative app stores such as Amazon Appstore or Huawei AppGallery, as well as improved handling of region-locked content. The development team actively welcomes contributions—whether through code, documentation, or feature requests—to help apkeep evolve.

How You Can Help

If you use apkeep in your own work—for malware analysis, privacy auditing, or even personal app archiving—the team would love to hear about your experience. You can share feedback, report bugs, or suggest new features via the project’s GitHub repository. For those who want to support the broader mission, consider donating to the Electronic Frontier Foundation (EFF), which helps sustain the infrastructure and legal advocacy that protects open-source projects like apkeep.

To get started with apkeep 1.0.0, visit the official GitHub page for installation instructions and documentation.