Security Incident Reported in Ad-Free YouTube App SmartTube: Users Advised to Stay Alert
The signature key information of the SmartTube app, which allows users to watch YouTube videos on Android smart TVs and set-top boxes without ads, has been leaked.
This incident was identified as multiple users received Play Protect warning messages and had their apps blocked.
Figure 1. User report
The developer admitted that their signing key had been leaked and that a library performing malicious behaviors had been included in their app.
Figure 2. Developer notice
According to the user’s analysis, the SmartTube app version 30.51 included an obscure library called libalphasdk.so. This library is not present in the open-source code and is presumed to be added during the release build.
This library runs in the background without user consent and periodically collects and sends data through an encrypted communication channel. While no malicious activities such as DDoS botnets have been found so far, there is a risk that such features may be activated in the future.
Figure 3. SmartTube version 30.43 detected in Virustotal
Upon investigation, it was found that the malicious library has been included since version 30.27. Through the GitHub tag history, it is suspected that the issue began about a month ago.
Figure 4. SmartTube version 30.27
Figure 5. Malicious library embedded in the APK
Figure 6. Project tag history information
The developer identified the issue, stopped the existing signature key, and created a new signature key. They also changed the app identifier (package name). Afterward, they shared the changes through Telegram and announced that the updated app was uploaded in December 2, 2025.
Figure 7. APK created with the new signature
Because SmartTube is not an app distributed on an official store, regular users may have difficulty with the installation process. In fact, searching for “SmartTube installation” on Google shows that there are multiple recent posts on how to install the app.
Figure 8. SmartTube installation guide
Because it is difficult for regular users to distinguish between the leaked and original versions, it is recommended to delete the previously installed app and install a new version.
