YSK: Telegram APK from APKPure is a spyware

24d 9h ago by piefed.world/u/beep in youshouldknow from i.ibb.co

cross-posted from: https://piefed.world/c/tech/p/1146502/telegram-apk-from-apkpure-is-a-spyware

On analyzing the APK with jadx, it contains a class DataCollector, which does not exist in the .apk file downloaded from the official Telegram website.

This class collects a lot of your data, including:

  • Your photos, videos, and files
  • Your contacts
  • Your messages
  • Your GPS Coordinates
  • Your SIM card information
  • Your Telegram profile

This data is monitored and uploaded continuously. All the data is uploaded to a server with IP address 38.190.225.166.

💬 Initial discovery by Eric Parker

🔗 APK Analysis: Part 1 | Part 2.

Source on Telegram.
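
The comparison the post describes (a class present in the third-party APK and absent from the official one) can be checked without a decompiler by listing the classes each APK's DEX files define and diffing the two sets. This is an added example, not part of the original post or the linked analysis; `toy_apk` and every descriptor passed to it are constructed sample input.

```python
import io, struct, zipfile

def dex_classes(dex: bytes) -> set:
    """Descriptors of the classes a DEX file defines (its class_defs table)."""
    if dex[:4] != b"dex\n":
        raise ValueError("not a DEX file")
    _, str_off, _, type_off = struct.unpack_from("<4I", dex, 0x38)  # string_ids / type_ids size+offset
    n_cls, cls_off = struct.unpack_from("<II", dex, 0x60)           # class_defs size+offset
    names = set()
    for i in range(n_cls):
        type_idx, = struct.unpack_from("<I", dex, cls_off + 32 * i)        # class_def_item.class_idx
        str_idx, = struct.unpack_from("<I", dex, type_off + 4 * type_idx)  # type_id_item.descriptor_idx
        pos, = struct.unpack_from("<I", dex, str_off + 4 * str_idx)        # string_id_item.string_data_off
        while dex[pos] & 0x80:                                             # skip the ULEB128 length prefix
            pos += 1
        pos += 1
        names.add(dex[pos:dex.index(b"\0", pos)].decode("utf-8", "replace"))
    return names

def apk_classes(apk) -> set:
    """Union over classes.dex, classes2.dex, ... inside an APK (path or file object)."""
    found = set()
    with zipfile.ZipFile(apk) as z:
        for name in z.namelist():
            if name.startswith("classes") and name.endswith(".dex"):
                found |= dex_classes(z.read(name))
    return found

def extra_classes(official, suspect) -> list:
    """Classes defined in the suspect APK but absent from the official one."""
    return sorted(apk_classes(suspect) - apk_classes(official))

def toy_apk(descriptors) -> io.BytesIO:
    """Constructed sample: a zip whose classes.dex holds only the tables parsed above."""
    n = len(descriptors)
    type_off, cls_off, data_off = 0x70 + 4 * n, 0x70 + 8 * n, 0x70 + 40 * n
    hdr = bytearray(b"dex\n035\0".ljust(0x70, b"\0"))
    struct.pack_into("<4I", hdr, 0x38, n, 0x70, n, type_off)
    struct.pack_into("<II", hdr, 0x60, n, cls_off)
    ids, data = b"", b""
    for d in descriptors:
        ids += struct.pack("<I", data_off + len(data))
        data += bytes([len(d)]) + d.encode() + b"\0"
    idx = b"".join(struct.pack("<I", i) for i in range(n))
    defs = b"".join(struct.pack("<I", i) + bytes(28) for i in range(n))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("classes.dex", bytes(hdr) + ids + idx + defs + data)
    return buf
```

On real files, pass the two APK paths to `extra_classes` and compare the same app version, since legitimate releases also add and remove classes between versions.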

So APKPure is not trustworthy? Do they not have any verification of APKs?

Maybe there was before, but now something has changed. I would recommend looking at alternatives to this site, for example in fmhy(.)net or in alternative net, but I would download the application from official sources, like the Play market, or open source programs in F-Droid.

I know that APKMirror supposedly verifies the APK files' hashes against official sources, so APKs you get there should be fine, unless the developer was compromised at some point, or unless APKMirror itself is lying, but it is run by the people behind Android Police, as far as I know.

apk download sites seem pretty sketchy in general

Yeah, it's the Windows .exe problem all over again

Not true! Download my free cracked apks at totally not a virus dot com

Who downloads Telegram's apks from third party sources if they're freely available on Telegram's official website?

It's literally the first result when you search for "telegram apk" (DuckDuckGo). Followed by apkpure.

Anything outside the official F-Droid repo is sketch as fuck

everything related to telegram gives me the ick

Like small infintes and large infinites are both invites, yes

Don't get me started on coubtable and ubcoubtanle. And ns that turn to vs.

Nice. I wonder how clean Forkgram is

Forkgram is kinda sus in my phone. It's always opening notifications. Sometimes when I open the browser. I keep wondering if it's just me

If it's in the official fdroid, it's met some very strict inclusion criteria.

Read the anti-feature warnings, it's all very clear.

This is why it really sucks that app developers offering their APKs directly isn't more common, forces people to turn to sites like this. I've installed apps from apkmirror just because I want to avoid Google Play. I don't really understand why there isn't some third party app store that helps lift the hosting+verification burden from developers but still doesn't rely on randos uploading apks from gplay.

What a great world it would be if every time you went to some software's website with an app, they had that "download from google play" button right next to a "download from <this other legit Store>" button so you know it's their real account, and a "download apk" button, because why not put some faith in users?

I did just upvote you but i'm also leaving a comment because that's how happy i am with Aurora Store doing the hard work

this is literally exactly why f-droid exists

They can't do that, pure is right in the name!

It's still made entirely of .apk.

YSK: as a mass noun, 'spyware' doesn't need the indefinite article. We don't say "a happy", for instance, and we heckle those who say "a software".

This is the thing that worries me. I'm currently Degoogling and relying on sources like F-Droid, but these sneaky tricks seem unavoidable

Just stick to fdroid

That's why I'm extremely strict about the permissions I allow on my apps. My Telegram is official but still has no permission on contacts, camera or images/files.

Maybe some developer verification would be useful 😜?

What? There were so many ways to not download this, from using a certificate provided by telegram to... Well just downloading it from telegram directly.

This is not something that would need such drastic actions as blocking everything that's not from one authority, and even with that I'll remind you that Google as an authority has in no way better standards in many ways.

Also, feddit.UK, so show me your ID.

just download the apk from Telegram's website LOL