Apk Search¶

Koodous has a large database of sample Apks.

Searches can be performed both through the Koodous website and using the API, for more information see the apk endpoints.

Samples can be downloaded according to the limits per user type.

Apk search system¶

The Koodous apk search system allows to use a multitude of filters for the information fields of the Apks, so you can find the ones you want.

A basic example of a search could be: app: Whatsapp AND package: com.whatsapp or package: com.google.android.videos AND trusted: true.

It is possible to perform regular searches by entering the desired text string in the search field to search for Apks with that string in:

Package name.
Company name.
Application name.
Hash (if the string entered is a valid hash (sha1, sha256 or md5) then that field will also be searched.

There are conditional operators AND, OR and - (NOT), as well as composition using parentheses ((, )) that allow the creation of complex searches. If different searches are chained together separated by spaces, the AND operator is automatically applied between them.

For modifiers that allow searching between elements with order, such as packet size (size, date, rating) allow the use of the sorting operators: <, <=, >, >=.

Examples of regular searches with conditions and compositions:

66038ee31eea9fa77cb657299edcca9f66b9ba26af0c9eb514aff39abfd2b68c: searches on the packet name, company name, application name and hash fields, with the latter being is the really interesting one for this string.
Whatsapp: searches on the package name, company name and application name fields.
Whatsapp -com.whatsapp: searches for the string Whatsapp in any of the fields of the regular search, without the string com.whatsapp appearing in any of them.
"Whatsapp Plus": searches for the string Whatsapp Plus in any of the fields of the regular search.
Whatsapp AND Facebook: searches for both of these words in the regular search fields.
Whatsapp OR Facebook: searches for either of these words in the regular search fields.
(Whatsapp OR Facebook) -(com.principal OR com.whatsapp): searches for any of the two words in the first group, while excluding those in the second group.

Modifiers for advanced search¶
Attribute	Modifier	Description
Hash	hash:	Performs the search depending on the automatically inserted hash. The admitted hashes are sha1, sha256 and md5.
App name	app:	Searches for the specified app name. If it is a compound name, it can be searched enclosed in quotes, for example: `app: "Whatsapp premium"`.
Package name.	package:	Searches the package name to see if it contains the indicated string, for example: `package: com.whatsapp`.
Name of the developer or company.	developer: or company:	Searches whether the company or developer field includes the indicated string, for example: `developer: "WhatsApp Inc."`.
Version	version:	Searches whether the string of the app version matches the one specified, for example: `version: 2.22.4.1`.
Package size.	size:	Searches whether the size of the packet matches the one specified. Comparators can also be used in order to specify whether we are searching for a size smaller, smaller or equal, larger, larger or equal. For example: `size: < 2000` or `size: >= 125125`. The unit of size is the byte.
Tag	tag:	Searches if the apk has the specified tag, for example: `tag: playstore`.
Date	date:	Searches by the date of entry into the system. Allows to use comparators or range, for example: `date: [2021-03-25, 2021-03-26]`, `date: > 2021-03-25`.
Detected	detected:	Filters apks that have been marked as detected (malware), for example: `detected: true` or `detected: false`.
Analyzed	analyzed:	Filters apks that have already been analyzed, for example: `analyzed: T` or `analyzed: F`.
Rating	rating:	Searches by community rating. This modifier allows to use comparators, for example: `rating: <0`, `rating: >= 2`.
Installed	installed:	Filters whether the application is installed on any device, for example: `installed: 1` or `installed: false`.
Trusted	trusted:	Filters for applications that have been marked as trusted, for example: `detected: true` or `detected: false`.
Corrupted	corrupted:	Filters for applications that have been marked as corrupted. If an apk has been flagged as detected, it means that the .dex file, a resource file or the certificate could not be detected. Many apks installed on devices do not have a default certificate; this may result in those apks being considered as corrupt. For example: `detected: true` or `detected: false`
Certificate	certificate: or cert:	Searches the apps by their certificate. For example: `cert: 60BBF1896747E313B240EE2A54679BB0CE4A5023` or `certificate: 38A0F7D505FE18FEC64FBF343ECAAAF310DBD799`.

Information about Apks¶

Some Apks contain the corrupted tag, this would indicate that the .dex file, or a resource or certificate could not be detected. Many applications installed on devices do not have a certificate by default. This is why these are considered to be corrupt.

Applications may have been analyzed with Androguard, Droidbox, and Cuckoo. If they are not, it can be requested, and the user will be notified when it is finished.