Overview
- SmartTube’s developer reported that malicious code made its way into official APKs after a compromise of the release pipeline, with one account also stating the signing keys were exposed.
- Specific builds have drawn scrutiny, with malware scanners flagging versions 30.43 and 30.47 from APKMirror and a hidden libalphasdk.so found in 30.51 that is absent from the public source code.
- Google Play Protect blocked installations for some users and reports suggest Google and Amazon forced removals on certain devices tied to the tainted releases.
- The developer wiped the build machine, removed older releases from GitHub, abandoned the old signature, and published version 30.56 as the first clean build, available via Downloader codes though not yet on the public release list.
- Guidance urges caution: factory‑reset devices updated in November, audit Google and YouTube account access, consider password changes, turn off auto‑updates, and reinstall only the newly issued build once verified.