What are trustworthy APK sites?

So, there's this Android app, you really must have, but its developer only distributes via Google Play and, for some reason, Play is off limits to you. How do you get it anyway? Sure, there are tons of APK mirror websites out there, but how do you know which ones you can trust?

Android is a shark tank of an ecosystem and it’s filled to the brim with malware. Google does a somewhat decent job of keeping the worst of the worst off Play, but if you insist on downloading your apps from scraper sites, then you are on your own. The APK you get might have been hacked or it might not even be the app you are looking for at all!

Fortunately, there’s an easy little, trick you can apply in order to figure out if an APK mirror is safe to use. All you have to do is ask the site owner two simple question (check their FAQ):

Where do you get your APK files from?

In case the answer is, “we scraped them off Google Play” (and it pretty much always will be), your follow up question should be:

Can you actually prove that the APK files you are offering are (still) the same as the ones on Google Play?

The answer will always be effectively “no”. And that’s also the answers the question whether or not an APK mirror website is trustworthy. Forget social proof, forget recommendations, forget assurances and especially scouts honour. That’s all smoke and mirrors. None of this proofs anything. In computer security, promises that are not verifiable are worthless. Simple as that.

The only way to be sure you are get the real thing is by getting it straight from the source. If you can’t access Play directly from your Android device, then you are looking for an APK downloader, not a “trustworthy” APK mirror site.