It would hardly be a 100% capture rate; but if the local spooks and/or feds we’re smart, they would have had some of the nerds on their payroll set up and administer APK stashes months or years ago. Then, when you crack down on the primary sources, odds are good that a decent chunk of the jailbroken iPhones and Android devices set to accept APKs from anywhere just walk right in and voluntarily install your stuff.
Having that be their job would ensure that they have ample time and resources to dedicate to doing a good job, compared to impecunious warez kiddies, and they would be well placed to enjoy greater tacit acceptance of piracy and assorted nominally forbidden material, ensuring a high quality collection to help the Trojans blend in.
This doesn’t mean that all the Chinese warez kiddies and unofficial APK dumps are actually spook ops; but if you don’t have the security chops to do your own exhaustive audit, will you be able to tell which is which?
(Not that this applies exclusively to the Chinese: anywhere where software is distributed substantially on the basis of who is most motivated, without the resources, in most cases, for aggressive and suspicious cross-checking, the cost of entry for having one of your people be that motivated and reasonably competent distributor is fairly low: potentially a single developer salary and maybe a little slush fund for VPS time and hosting.
Probably not worth it for the more labor intensive(and commercially unpopular and heavy on skilled reverse engineers) game and software cracking; but being that guy on XDA who has well regarded unofficial builds for a whole bunch of phones; or the person with DD-WRT/OpenWRT ports for devices that won’t be officially supported for another few revisions, if ever? Or the one who seems to have a handy backup of everything that has ever gotten banhammered from the official app stores? A useful position to be in; and quite inexpensive.
