Four names come up every time someone goes looking for an alternative to Google Play: Aptoide, Aurora Store, F-Droid, and APKMirror. They look like they solve the same problem, but they work in completely different ways, serve completely different needs, and carry completely different risks. Installing the wrong one for your situation means either dealing with a broken anonymous-login system, waiting weeks for app updates, or getting an APK with no verification at all.
This guide covers what each one actually does, where each one is genuinely safe and where it is not, and which one to install based on your specific situation.
Quick comparison
| Aptoide | Aurora Store | F-Droid | APKMirror | |
|---|---|---|---|---|
| What it is | Independent store | Google Play client | FOSS-only store | APK hosting service |
| App source | Own catalogue + third-party stores | Google Play (mirrored) | Open-source repos | Google Play + OEM firmware |
| Google account required | No | Yes (as of 2026) | No | No |
| Signature verified | Partial | Same as Play Store | Yes (own key) | Yes (original dev key) |
| Malware scanning | In-house multi-engine | Google’s review | Built from source | Signature only |
| FOSS (client) | No | Yes (GPL-3.0) | Yes (GPL-3.0) | No |
| FOSS (apps) | No | No | Required | No |
| Update speed | Fast | Same as Play Store | Slow (main repo) | Fast |
| Aptoide TV / Fire TV | Yes | No | No | No |
| Install method | App | App | App | App + website |
Safety matrix
Safety works differently across these four stores, and that matters before anything else.
| Aptoide | Aurora Store | F-Droid | APKMirror | |
|---|---|---|---|---|
| APK origin | Third-party uploads | Google Play servers | Source code builds | Google Play / OEM |
| Signature check | Partial | Full (Play-signed) | Full (F-Droid-signed) | Full (original dev key) |
| Code review | No | No | Partial (open-source review) | No |
| Malware incidents | Yes (documented) | Inherits Play risk | Very rare | None documented |
| Overall risk | Medium | Low-medium | Low | Low |
Aptoide runs every app through an in-house multi-engine anti-malware scanner and requires a “Trusted Badge” for apps that pass all checks. That system catches most known threats. It does not catch everything: fake apps with malicious payloads have made it through as recently as 2025, including a fake DALL-E 3 app confirmed as trojanware. Aptoide’s model (allowing third-party curated stores within the platform) is why the risk is higher than the others. A developer uploading to a personal store within Aptoide bypasses the same scrutiny applied to the main catalogue.
The 2019 data breach (39 million accounts, confirmed by Have I Been Pwned) is worth knowing about if you have an old Aptoide account. There have been no comparable incidents since, but the platform has fewer security guarantees than the alternatives below when it comes to what gets uploaded.
Aurora Store inherits whatever Google Play’s review process approves. That process has its own blind spots (malicious apps have cleared Play Store review repeatedly), but it is meaningfully better than user-uploaded APKs. The risk vector here is the authentication layer: Aurora was designed to access Play using anonymous shared accounts, which Google banned in bulk starting mid-2023. Anonymous login no longer works reliably in 2026.
F-Droid’s main repository builds apps from source code and signs them with its own key. That means you get an independent build verification on top of the open-source review. The tradeoff is that this process takes time: main-repo updates typically lag upstream releases by weeks. IzzyOnDroid, a popular third-party F-Droid repo, distributes developer-signed APKs instead, which moves faster but moves some of the trust back to the developer.
APKMirror verifies every APK against the developer’s original signing certificate. If the certificate does not match, the file does not get listed. This does not mean the APK is clean in the security sense (a malicious app that passes Play Store review will have a valid signature), but it guarantees you are getting exactly what the original developer released. APKMirror does not host modded APKs or unofficial builds.
Aptoide
Aptoide is the oldest of the four, founded in Lisbon in 2009. It runs as a full Android app store with its own catalogue of 500,000+ apps, and it allows publishers to create their own curated “stores” within the platform. That last feature is why you find apps on Aptoide that are unavailable or banned elsewhere: store owners can publish apps independently of central review.
The catalogue includes apps from categories Google Play restricts, regional apps locked out by Play Store geography, and older versions of apps you might want to roll back to. Aptoide TV extends this to Android TV boxes and Amazon Fire TV devices, which makes it particularly useful if you want more than Amazon’s curated catalogue on a Fire Stick.
The safety concern is real and worth stating plainly. The “Trusted Badge” system is meaningful, but Aptoide is not as safe as F-Droid or APKMirror by design. Third-party stores within the platform operate with less scrutiny. If you install Aptoide, stick to the main verified catalogue and avoid installing apps from obscure individual stores within it.
Aptoide was removed from Google Play. Download it directly from aptoide.com or via the Samsung Galaxy Store.
Where it falls short: Malware does get through, and the third-party store model creates real risk for users who install apps from unvetted sources within the platform. The user interface has not kept pace with Play Store’s polish. No anonymous-access concern here (no Google account needed), but the trust model relies entirely on Aptoide’s own scanning.
Pricing: Free.
Download: aptoide.com |
Bottom line: The best choice for apps that are not on Google Play at all, apps unavailable in your region, or Android TV. Not the safest store in this list, so stick to Trusted Badge apps and the main verified catalogue.
Aurora Store
Aurora Store is not an independent app store. It is an open-source client for Google Play: every app you install through Aurora comes directly from Google’s servers, signed by the original developer, exactly as it would be from the official Play Store. The difference is that Aurora does not require a Google account to browse and download.
That distinction matters less than it used to. Aurora was built around “anonymous accounts” that allowed access to Google Play without logging in. Google systematically banned those shared accounts in 2023, and as of 2026 the anonymous login system is disabled indefinitely. You now need to log in with a real Google account or use session-only mode, which limits functionality. The “no-Google-account-required” case that many people install Aurora for is no longer reliable.
What Aurora still delivers: a clean, ad-free interface for browsing Google Play, per-app spoofing to change your device fingerprint (useful for region-locked apps), and access to split APKs. It is GPL-3.0 licensed and available on F-Droid. Version 4.8.1 was released in February 2026.
Aurora is not available on Google Play (Google would not approve a client that bypasses its authentication). Download it from F-Droid.
Where it falls short: Anonymous login is broken. You need a Google account to use it properly in 2026, which largely defeats the purpose for privacy-focused users. The interface occasionally breaks when Google changes its internal API. It is only as safe as what Google Play allows through, which includes a history of malicious apps clearing review.
Pricing: Free, GPL-3.0.
Download: F-Droid | GitLab releases
Bottom line: Install this only if you want a better interface for an existing Google account, or if you need per-app device spoofing for region-locked Play Store content. Do not install it expecting anonymous Play Store access in 2026.
F-Droid
F-Droid is a repository for free and open-source Android apps, full stop. The main repository currently hosts 4,337 apps, and every one of them must be open source. F-Droid builds apps from source code itself and signs them with its own key, adding an independent verification step on top of whatever the developer’s own build process does.
That process produces the strongest safety guarantees in this comparison. There are no proprietary apps, no trackers hidden in binaries, and no closed-source dependencies silently bundled in. F-Droid’s “anti-features” labeling system flags apps that include optional trackers, rely on non-free network services, or promote non-free add-ons, so you can see exactly what you are getting before installing.
The tradeoff is speed. Building apps from source takes time, and main-repo updates typically trail upstream releases by weeks or more. For actively developed apps, that lag matters. The practical workaround is adding IzzyOnDroid as a secondary repo. IzzyOnDroid hosts 1,368 apps as developer-signed APKs rather than F-Droid-rebuilt ones, which means it updates much faster. Adding it to F-Droid takes one step: go to Settings, add the repo URL from apt.izzysoft.de/fdroid, and IzzyOnDroid apps appear alongside main-repo apps.
F-Droid is not available on Google Play. Download it directly from f-droid.org.
Where it falls short: Only 4,337 apps. Most mainstream commercial apps do not meet the FOSS requirement and will never be here. No WhatsApp, no Spotify, no banking apps. If you want Google Play’s breadth, F-Droid is not a replacement. Also: F-Droid’s own build key means the APK signatures will not match what you would get from Google Play or the developer directly, which creates complications if you want to switch between sources for the same app.
Pricing: Free, GPL-3.0.
Download: f-droid.org
Bottom line: The safest option on this list for anyone who uses open-source apps. If you run a privacy-focused Android setup or a de-Googled phone, F-Droid is not optional. For anyone who needs mainstream commercial apps, it works alongside Aptoide or APKMirror rather than replacing them.
APKMirror
APKMirror is not an app store. It is a curated hosting service for APKs pulled from Google Play and from original device firmware. Every file is verified against the original developer’s signing certificate before it goes live. If the signature does not match, the file is not listed. This makes APKMirror the most reliable source for knowing that what you download is exactly what the developer released.
The site is run by Artem Russakovskii and Illogical Robot LLC, operating independently since Android Police was sold to Valnet Inc. in 2021 (APKMirror was not part of that sale). The APKMirror Installer app (version 2.0.3, rebuilt in Jetpack Compose) is available on Google Play and handles the installation of split APKs downloaded from the website.
APKMirror’s primary use case is version control: getting the latest staged rollout before it hits your device, rolling back to a previous version after an update breaks something, or installing a regional variant. The website organizes every historical release by version code, so if a June update broke your app, you can install the May build in two minutes.
The limitation is that APKMirror only hosts what Google Play has already approved. It cannot give you apps that are absent from or removed from the Play Store. It also does not scan for malware beyond signature verification: a malicious app that cleared Google’s review will have a valid signature, and APKMirror will host it.
Where it falls short: No app discovery, no auto-updates, web-first experience. The Installer app helps, but there is no background update engine the way real stores have. Requires more manual work than any other option here.
Pricing: Free. The website runs ads; the installer app has no subscription.
Download: APKMirror Installer | apkmirror.com
Bottom line: Use APKMirror for version control, early releases, and staged rollout access. Not for app discovery or as a daily driver store.
Which one to install
Pick Aptoide if you want apps that are not on Google Play, apps blocked in your region, or an Android TV solution. You accept a medium-trust environment in exchange for the broadest catalogue. Stick to Trusted Badge apps.
Pick Aurora Store if you want a cleaner interface for Google Play and you have a Google account. Useful for per-app device spoofing on region-locked apps. Do not install it if your goal is avoiding a Google account entirely: that use case is broken in 2026.
Pick F-Droid if you care about open-source software and privacy. Combine it with IzzyOnDroid for faster updates. F-Droid is essential on any de-Googled Android setup (GrapheneOS, CalyxOS, DivestOS) and pairs well with Aptoide for any apps the FOSS repo does not cover.
Pick APKMirror if you need specific version control, want an app before its staged rollout reaches your device, or need to roll back a bad update. Not a daily driver, but irreplaceable for what it does.
You can use more than one. F-Droid for open-source apps, Aptoide for everything else, and APKMirror bookmarked for version control is a reasonable combination. The only pairing that is redundant is Aurora plus Aptoide: if you need Play Store access, use Aurora; if you need off-Play-Store apps, use Aptoide.
Stay on Google Play if you are not doing anything Play Store does not support. These alternatives exist because Play Store has specific gaps. If none of those gaps affect you, the additional attack surface is not worth it.
FAQ
Is Aptoide safe to use in 2026? Aptoide is reasonably safe for apps in its main verified catalogue that carry the Trusted Badge. The platform has a documented history of malicious apps slipping through, particularly in third-party stores hosted within Aptoide. We recommend using it only for Trusted Badge apps and avoiding individual user-curated stores within the platform unless you trust the source. The 2019 data breach is relevant if you have an old account: change that password and check haveibeenpwned.com.
Does Aurora Store still work without a Google account? No. Anonymous login has been disabled indefinitely as of mid-2023 and remains non-functional in 2026. Google banned the shared anonymous accounts Aurora relied on. You need to sign in with a real Google account to use Aurora Store today. If avoiding a Google account is your goal, Aptoide or F-Droid are better options.
What is the difference between F-Droid and IzzyOnDroid? F-Droid’s main repository builds apps from source code and signs them with F-Droid’s own key. Updates are slow, but the build process provides independent verification. IzzyOnDroid is a third-party F-Droid repository that hosts developer-signed APKs instead of F-Droid-rebuilt ones. IzzyOnDroid updates faster and includes more apps, but the trust is in the developer’s signature rather than an independent build. You can add both in the F-Droid app.
Can I use APKMirror to get apps removed from Google Play? No. APKMirror only hosts APKs that were available on Google Play at some point. Once an app is removed from Play Store, APKMirror may retain older versions that were hosted before removal, but it does not carry apps that never appeared on Play Store. For apps that were never on Play Store or have been fully removed, Aptoide is the more likely source.
Which of these is best for a de-Googled Android phone like GrapheneOS? F-Droid for open-source apps, Aptoide for everything else. GrapheneOS includes the Sandboxed Google Play feature, which lets you run Play Store apps in an isolated sandbox. If you use that, Aurora Store is also an option. For users who want no Google contact at all, F-Droid plus Aptoide covers most needs.
Is APKMirror run by Android Police? No longer. APKMirror is operated by Illogical Robot LLC under Artem Russakovskii. Android Police was sold to Valnet Inc. in 2021, but APKMirror was excluded from that sale and continues to operate independently.
For a broader look at the full landscape of Play Store alternatives, including Uptodown, APKPure, and Obtainium, see our best alternatives to Google Play Store guide. For apps you can get through these stores that are unavailable on Play Store, see apps not on Google Play.
