To track state-sponsored malware and combat the stalkerware of abusive partners, you need tools. Safe, reliable, and fast tools. For the dark corners of the Android ecosystem, we couldn’t find a good tool to download packages from the command line. So we made one.
Rather than just solve our own problem, we decided to make our new tool, apkeep, generically useful for everyone. We also wanted it to be reliable, safe, and fast, so writing it in async Rust made a lot of sense and let us deploy to a wide range of architectures and platforms. But we wanted to download not only from Google Play but from other app stores as well, and supporting those stores often meant reverse engineering their Android clients and dynamically analyzing the live traffic they send over HTTPS.
This talk aims to introduce apkeep as a tool, explore some of the novel obstacles we faced in building out this tool, and show some of the results of those who have incorporated it into their toolboxes.