So this just happened - those of you who have a Xiaomi phone know when you install apps it has it’s own “Virus Checker” screen which comes up before the app is approved for install. This is provided by Avast I just found out…
Anyway while installing an app from F-droid today I got an error message on this screen - which said “app from unknown source” and two buttons below - “Ignore” and “Install”. So I clicked on “Install” since I wanted to install the app and then noticed that the install process seemed a bit different (I can’t remember what happened exactly) but I checked the app on F-Droid and the version history wasn’t available - which a notice says means the app was installed from Play Store or somewhere else. But I just installed it from F-Droid!
So I tried another few apps and it happened again for one of them. I clicked around and there it was, some sort of Xiaomi app store installing versions of the app instead of the one I told my phone to install.
I guess there is an innocent explanation for this - stopping people from installing malware and giving them a “correct” version of the app they wanted - but I have disabled it on my phone, I know what I am doing and if I want the cracked version it’s because that’s the version I meant to install ;)
The package names would not be different if it’s installing a different (possibly malevolent) version of the same app.
Only the signature and other metadata would be different, but if the package name were different it would show as a different app entirely in places like f-droid, not as installed from elsewhere. It would show the intended app as not installed at all if the package name of the Xiaomi version wasn’t the same.