Is My SmartTube App Infected With Malware and How Can I Install a Safe Version?
Many users of the SmartTube app on Android TV recently encountered a security warning from Google Play Protect. The system disabled the app, stating, “The app is fake. It tries to take over your device or steal your data.” This action was a protective measure, preventing the app from running but leaving the uninstallation choice to the user. This article explains the cause of this alert and outlines the necessary steps to secure your device.
The Source of the Compromise
The security issue stemmed from a malware infection on the developer’s computer. The developer, known as Yuliskov, confirmed that this computer was used to build the app’s installation files (APKs). Consequently, malicious code was injected directly into several versions of the SmartTube app during the build process.
Initially, the developer suspected that the app’s leaked digital signature was the cause. A leaked signature could allow malicious actors to release fake, malware-infected versions of the app. While this was a valid concern, the root cause was later confirmed to be the infected build environment itself.
Analysis of the Malicious Code
Independent analysis of affected app versions, such as 30.51, identified a hidden component that activated upon launch. This code collected and transmitted specific device and network information to an external server without user consent. The data collected included:
- Device model and manufacturer
- Android OS version
- Network operator and connection type (Wi-Fi or mobile)
- Local IP address
- A unique ID created by the malware
While the code’s behavior resembled botnet activity, there was no direct evidence that it stole user authentication tokens or executed other harmful commands. However, the unauthorized data collection posed a significant privacy and security risk. A community-sourced list identified numerous infected versions, ranging from 28.56 to 30.51.
Recommended Steps for Users
If Google Play Protect or Amazon FireOS has flagged your SmartTube installation, you must uninstall the app immediately. The developer has since cleaned the compromised computer and released new, safe versions of SmartTube.
To ensure your security, only install the app from its official source. The developer has explicitly warned against downloading APKs from any third-party websites, as their integrity cannot be guaranteed. The latest stable (v30.56) and beta releases have been verified as clean on VirusTotal. The developer is also preparing a new release for F-Droid and plans to publish a full statement explaining the incident.