Hi, I discovered the reason and was a bit worried about the Android APK builds from hired modding teams.
I took a deep look into the class details of Lite APKs from highly popular apps like Spotify, YouTube, Twitch, X, and many more. These apps include a file located at lib/arm64-v8a/lib_LiteApks_Com.so. On devices where this file exists, it may be the reason why a pop-up appears during the first launch.
"Image" (https://github.com/user-attachments/assets/c192ccc2-1364-4529-badd-006992de0bb4)
The second reason for this report is related to the activity classes within these apps. At first glance, they look normal, but after deeper analysis, I found that some classes contain hidden patterns that could be used for tracking users who install apps from Lite APK websites.
"Image" (https://github.com/user-attachments/assets/e88d7b88-c80b-4efc-a78e-b1e567d7b3d3)
This is what they may be hiding in many modded Lite APK apps. Even the activity structure seems suspicious to me, suggesting potential spying, data theft, or the collection of user IDs, passwords, and other sensitive information.
I am considering reporting Lite APK websites in order to have them taken down and to protect users.
Hi, I discovered the reason and was a bit worried about the Android APK builds from hired modding teams.
I took a deep look into the class details of Lite APKs from highly popular apps like Spotify, YouTube, Twitch, X, and many more. These apps include a file located at lib/arm64-v8a/lib_LiteApks_Com.so. On devices where this file exists, it may be the reason why a pop-up appears during the first launch.
"Image" (https://github.com/user-attachments/assets/c192ccc2-1364-4529-badd-006992de0bb4)
The second reason for this report is related to the activity classes within these apps. At first glance, they look normal, but after deeper analysis, I found that some classes contain hidden patterns that could be used for tracking users who install apps from Lite APK websites.
"Image" (https://github.com/user-attachments/assets/e88d7b88-c80b-4efc-a78e-b1e567d7b3d3)
This is what they may be hiding in many modded Lite APK apps. Even the activity structure seems suspicious to me, suggesting potential spying, data theft, or the collection of user IDs, passwords, and other sensitive information.
I am considering reporting Lite APK websites in order to have them taken down and to protect users.