[chickenbane]

You are fine using apkmirror to grab an update you haven't yet received from the Play Store. When you install the apk, Android knows you are updating an app, verifies the signature, and ensures it came from the same developer.

Android is sane: it won't let you downgrade, further updates from the store will work correctly, etc. Since apkmirror usually get their apks from the Play Store, you'll be okay if you know what you are doing.

That said, your skeptical attitude is very appropriate. Installing apks from outside of the Play Store is by far the biggest vector for malware. Users that only install from the Play Store are currently safe (less than 0.15% of those users get malware).

[hackuser]

> You are fine using apkmirror to grab an update you haven't yet received from the Play Store. When you install the apk, Android knows you are updating an app, verifies the signature, and ensures it came from the same developer.

Great point; thanks.

> apkmirror usually get their apks from the Play Store

How do you know this? I've read reports of other Play Store proxies who injected malware.

> your skeptical attitude is very appropriate. Installing apks from outside of the Play Store is by far the biggest vector for malware

I was talking about APK proxy services, which claimed to pull the APKs from Google Play Store. For app stores, there are other generally reputable sources, such as,

* F-Droid, which focuses on free/open source software and user privacy. It has an excellent reputation and builds every app from source.

* Aptoide: Large commercial market, claims to screen apps for malware

* SlideME: At least at one time, reputedly focused on small, indie devs.

* GetJar: "The worlds biggest Open App Store", Started "by developers for developers"