Today, we are announcing the retirement of NVISO ApkScan, our online malware scanning service we launched back in 2013. ApkScan was born with the purpose of offering the (security) community a free, reliable and quality service to statically and dynamically scan Android applications for malware.
Since the inception of the project, it has been a great success – more than what we anticipated when we launched. A few statistics:
- 200.000+ unique user-uploaded Android samples;
- More than 10.000 unique visitors / month;
- Billions of requests made through the free API;
- Most abused permission is android.permission.SEND_SMS.
When we launched ApkScan, its sandbox supported the analysis of more than 90% of all the apps uploaded by users; however, over time, more recent Android versions have made it difficult for ApkScan to perform a dynamic analysis using the original sandbox. Supporting modern Android apps would require a major overhaul of the sandbox we currently use; this is an investment we haven’t and can’t prioritize in our team for the time being.
Leaving the service online in its current form is not feasible, as the scan reports will most likely start missing a crucial part of the dynamic analysis as the Android API further evolves – we want to avoid letting it come to this point, which is pushing us towards sunsetting the service.
The community has seen a great addition of dynamic malware analysis and sandbox services over the past few years, which were not available when we launched ApkScan in 2013. We invite all active ApkScan users to try out these services online (don’t forget to read their policy on sharing of the uploaded samples!); we are confident that you will find an alternative that will fit your use case!
We plan to gracefully phase out the service; this week, we will disable new uploads of Android applications, both through the website as well as the API. All existing reports will remain available until end of October, after which we plan to take the entire service offline. If you are interested in a specific scan result, we suggest you download the specific report as a PDF, straight from the browser.
Finally, we want to thank all users for their continuous support & use of the platform over the past 6 years. We have learned a great deal about Android malware by running this service, and we have been privileged to be able to share the results with this great community. Thank you!
About the author
Daan Raman is in charge of NVISO Labs, the research arm of NVISO. Together with the team, he drives initiatives around innovation to ensure we stay on top of our game; innovating the things we do, the technology we use and the way we work form an essential part of this. Daan doesn’t like to write about himself in third-person. You can contact him at firstname.lastname@example.org and find him on Twitter and LinkedIn.