Privacy Policy
Your data stays yours.
Apk Extractor is built privacy-first. This page explains exactly what the app touches, what it never touches, and the choices you control.
At a glance
- ✓APK extraction, analysis and backups run on your device.
- ✓We never sell your data. We don't have a server that stores your APKs.
- ✓Cloud backups go directly to your Google Drive or Dropbox — not to us.
- ✓App lock PINs and OAuth tokens are stored encrypted on-device.
- ✓You can opt out of personalised ads and uninstall any time.
📱Information processed on your device
To list, extract, analyse and back up your installed apps, Apk Extractor reads information available through Android's standard APIs. This information stays on your device unless you explicitly choose to share or upload it.
- Installed app metadata (name, package, version, size, icon, install/update dates)
- Decoded
AndroidManifest.xml, declared permissions, components, signing certificate, DEX & native libraries
- Storage stats (APK size, install size, data, cache) via
PackageManager / StorageStats
- Saved APK files written to your chosen output folder (Storage Access Framework)
We do not collect, transmit, or sell any of this information. Analysis happens locally on your device.
☁️Cloud backups (Google Drive & Dropbox)
If you enable cloud backup, Apk Extractor uses OAuth 2.0 to obtain permission to upload APKs into your own account, into an ApkExtractor/ folder.
- OAuth refresh tokens are stored locally using EncryptedSharedPreferences (Android Keystore-backed AES-GCM).
- We never see your account password. We can only access the folder we created.
- Disconnect any time from Settings → Backup & Restore. Tokens are wiped from your device immediately.
- For Google Drive, usage of information is in line with the Google API Services User Data Policy, including the Limited Use requirements.
🔐Privacy, security & app lock
- App lock: optional biometric / device-credential / PIN gate. PINs are stored as salted SHA-256 hashes — the plain PIN never leaves memory.
- Hidden apps vault: entries are stored locally; visible only after you authenticate.
- Password-protected exports (.apkx): encrypted with AES-GCM + PBKDF2. Only you know the password; we cannot recover it.
- Root Power Tools: opt-in; root commands run only when you tap an action.
📡Local Wi-Fi & QR sharing
QR-code Wi-Fi share starts a temporary local HTTP server on your device so a nearby device on the same Wi-Fi network can download an APK. The transfer never leaves your local network and stops as soon as you close the screen.
Deep links (apkextractor://) and Nearby Share only carry references chosen by you.
📊Analytics & crash reporting
To keep the app reliable, we use:
- Firebase Crashlytics — anonymised crash stack traces and device/OS info.
- Google Analytics for Firebase — aggregated, non-identifying usage events (e.g., screen views, feature use).
- Play Install Referrer — campaign attribution at install time, no personal data.
We do not collect contacts, photos, messages, location, or the contents of your APKs.
📣Advertising
The free version shows ads via Google AdMob, with mediation through Meta Audience Network. These SDKs may use advertising identifiers to serve and measure ads in line with their own policies:
Google Ads Policy · Meta Privacy Policy
You can reset your Advertising ID or opt out of personalisation in Android Settings → Privacy → Ads. Purchasing Remove Ads or Premium disables ad SDK initialisation entirely.
💎Purchases & subscriptions
Premium, Lifetime and Remove-Ads purchases are processed by Google Play Billing. We don't see or store your card details — Google manages the transaction and we only receive an entitlement token used to unlock features on this device / Google account.
🔑Permissions we request
- Storage / SAF — to save extracted APKs to a folder you choose.
- Internet & Wi-Fi state — for cloud backup, local QR share, and updates check.
- Foreground Service & Notifications — to show extraction / backup progress.
- Biometric — only if you turn on App Lock.
- Vibrate — for optional haptic feedback (can be disabled in Settings).
- Query installed packages — to list apps for extraction.
👶Children's privacy
Apk Extractor is not directed at children under 13. We do not knowingly collect personal information from children.
🌍Your rights
You may request access to, correction of, or deletion of any personal information associated with you. Most of your data lives only on your device — uninstalling the app removes it. To exercise rights under GDPR / CCPA, contact us using the details below.
🔄Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be highlighted inside the app via the "What's New" dialog. Continued use of Apk Extractor after the changes take effect means you accept the updated policy.