Review Process

APKBA's review process turns APK download pages from simple file listings into pages with reviewable information. We build page records around app identity, file consistency, security scans, installation tests, and screenshot evidence so users can see a more complete decision path before downloading.

The review process is not an absolute safety certification. It is a method for making risk information more transparent.

Step 1: Confirm App Identity

Editors first check the app name, developer, package name, version number, file size, supported system, and channel description. This step confirms which APK the page is discussing and helps users avoid mixing up different versions, channels, or package names.

If identity information cannot be confirmed, the page should not make overly strong conclusions. Cases with unclear version sources, abnormal package names, or conflicting file information should be marked as needing further verification.

Step 2: Record File Information

File information includes APK file size, version number, update date, architecture information, and download target description. Clear file information helps users perform basic comparisons after downloading and makes it easier to identify whether a page has become outdated.

When the same app has multiple historical versions, each version should ideally keep an independent page or independent record. This prevents users from reading old-version information as if it applied to the current version.

Step 3: Generate and Display SHA-256

SHA-256 is a file consistency hash. APKBA displays the SHA-256 of the corresponding APK whenever possible so users can calculate and compare it after downloading.

If the SHA-256 calculated locally by the user does not match the page record, installation should be stopped until the downloaded file, source, and page version are confirmed again. A hash mismatch usually means the file is not the same object.

Step 4: Review VirusTotal Scan

VirusTotal scans provide detection references from multiple security engines. APKBA pages should record the scan target, scan time, number of flagged engines, and report link so users can view the broader detection context.

Scan results may include false positives or false negatives, so a “no detection” result should not be written as a permanent safety guarantee. It only describes the detection status for the scanned object across the available engines at the recorded time.

Step 5: Perform Installation Testing

Installation testing observes whether the APK installs, whether first launch works, and whether obvious abnormal popups, mandatory login, forced updates, ads, in-app purchases, or permission prompts appear.

Test records should include device model, Android version, test time, and result. The more limited the test devices are, the more clearly the page should state the coverage so users do not read a local test result as a universal conclusion.

Step 6: Organize Screenshot Evidence

Screenshot evidence can help users visually understand the installation flow, core interface, ad popups, permission prompts, and abnormal states. Screenshots should support verification and should not create false official endorsement or misleading proof.

If a page displays screenshot counts, screenshot groups, or review status, they should match the actual evidence library.

Step 7: Publish, Update, and Correct

After publication, the editorial team updates content based on version changes, user feedback, security scan changes, and additional tests. Important information that affects download decisions, such as hashes, scan results, download targets, and risk prompts, should be handled first.

Users can submit page errors or additional materials through legal@apkba.com. APKBA will decide whether to update the page based on verifiable evidence.