Skip to content

Android package (.apk)

.apk file signature | application/vnd.android.package-archive

Android Package (APK) is the package file format used by Android applications, developed and maintained by Google through the Android platform. It is used to distribute and install apps, bundling application code, resources, manifest data, and signing information for devices and compatible emulators. APK files should be obtained from trusted sources, as modified packages can contain malware; newer Android versions also enforce stricter app-signing and installation controls.

Safe

Magic Bytes

Offset 0
50 4B 03 04

Sources: Wikipedia, Gary Kessler

All Known Signatures

3 signature variants are documented for .apk files across multiple sources.

Hex Signature Offset Sources
50 4B 03 04 0 Wikipedia, Gary Kessler
50 4B 05 06 0 Wikipedia
50 4B 07 08 0 Wikipedia

Extension

.apk

MIME Type

application/vnd.android.package-archive

Byte Offset

0

Risk Level

Safe

Validation Code

How to validate .apk files in Python

Python 
def is_apk(file_path: str) -> bool:
    """Check if file is a valid APK by magic bytes."""
    signature = bytes([0x50, 0x4B, 0x03, 0x04])
    with open(file_path, "rb") as f:
        return f.read(4) == signature

How to validate .apk files in Node.js

Node.js 
function isAPK(buffer: Buffer): boolean {
  const signature = Buffer.from([0x50, 0x4B, 0x03, 0x04]);
  return buffer.subarray(0, 4).equals(signature);
}

How to validate .apk files in Go

Go 
func IsAPK(data []byte) bool {
    signature := []byte{0x50, 0x4B, 0x03, 0x04}
    if len(data) < 4 {
        return false
    }
    return bytes.Equal(data[:4], signature)
}

API Endpoint

GET /api/v1/apk
curl https://filesignature.org/api/v1/apk

See the full API documentation for all endpoints and parameters.

Related Formats

.jar .aar .class .dex

Frequently Asked Questions

What is a .apk file?

A .apk file is a Android package file. Android Package (APK) is the package file format used by Android applications, developed and maintained by Google through the Android platform. It is used to distribute and install apps, bundling application code, resources, manifest data, and signing information for devices and compatible emulators. APK files should be obtained from trusted sources, as modified packages can contain malware; newer Android versions also enforce stricter app-signing and installation controls.

What are the magic bytes for .apk files?

The magic bytes for Android package files are 50 4B 03 04 at byte offset 0. These bytes uniquely identify the file format regardless of the file extension.

How do I validate a .apk file?

To validate a .apk file, read the first bytes of the file and compare them against the known magic bytes (50 4B 03 04) at offset 0. This is more reliable than checking the file extension alone, as extensions can be renamed.

What is the MIME type for .apk files?

The primary MIME type for .apk files is application/vnd.android.package-archive.

Is it safe to open .apk files?

Android package (.apk) files are generally safe to open. They are classified as low risk because they primarily contain data rather than executable code. However, always ensure files come from a trusted source.