Privacy policy
Last updated: 3 July 2026
Apkaura is designed so that we know as little about you as possible. This document lists exactly what data leaves your device, why, where it goes, how long it stays, and how you can turn it off.
1. What Apkaura does not collect
- Your browsing history — it is stored on your device only, never uploaded.
- Bookmarks, tabs, or reading list — stored locally.
- Passwords or form autofill — Apkaura does not manage these.
- Cookies or session data from websites you visit.
- The list of APKs you install through Apkaura.
- Your name, email, phone number, or any account identifier — Apkaura has no accounts.
2. What Apkaura collects
Apkaura uses Google Firebase for anonymous telemetry. The following categories are collected:
- Firebase Analytics — anonymous usage events such as which screen was opened and how many times a feature was used. No URL, no query, no filename is included. The Firebase SDK generates an installation ID that resets when the app is reinstalled.
- Firebase Crashlytics — a stack trace if the app crashes, along with the Android version and device model. Stack traces do not include browsing content or personal data.
- Firebase Remote Config — Apkaura fetches a small JSON payload every 12 hours to check whether an update or a kill switch is available. The request includes only the app version and Android version.
- VirusTotal proxy — when the APK inspector scans a file, the SHA-256 hash of that APK is sent to a Cloudflare Worker which forwards it to VirusTotal. Your IP address never reaches VirusTotal — the Worker forwards on your behalf. The worker logs minimal metadata (timestamp, cache hit or miss) for cost control, with no association to any user identity.
3. Where the data goes
- Firebase telemetry is stored on Google infrastructure under the Apkaura developer project.
- VirusTotal proxy runs on Cloudflare Workers and calls VirusTotal's public API.
- All communication uses HTTPS.
4. Retention
- Firebase Analytics events: retained per Firebase's default (14 months) unless deleted earlier.
- Crashlytics stack traces: retained for 90 days.
- VirusTotal cache entries: 7 days for a real verdict, 1 day for "not seen" — no per-user history.
5. How to opt out
A user-visible opt-out for Crashlytics is being wired into Settings and will land in the next release. Analytics and Remote Config are currently not user-toggleable because they drive the update kill switch, but they are anonymous by design and do not identify you.
Full opt-out today: uninstall Apkaura. No server-side identifier survives the uninstall.
6. Children
Apkaura is not directed at children under 13. It has no account, no age gate, and does not knowingly collect data from any specific person.
7. Changes to this policy
If this policy changes materially, we update the "last updated" date above and post a note on the Telegram channel t.me/ApkauraApp. Continued use of Apkaura after a change means you accept the updated policy.
8. Contact
Questions or requests to delete data associated with your device installation can be sent to [email protected]. Include enough detail (approximate install date, device model) so we can locate the telemetry entries — Apkaura has no user accounts, so we cannot look you up any other way.