Noob question: How do you ensure that large executable files, such as .apks (different from apk), are safe?

By making sure (as much as you possibly could) the source you got it from is safe.

You'll reduce the risk.

Apks can be unpacked. There are plenty of offline scanners with high or no size limits too.

There are probably also Android-specific scanners.

I don't. I just consider them compromised and block network connection. Usually that works fine unless it's a ransomware or something..

Run them in a test sandbox environment, maybe run some network analytics to see if weird outbound or inbound calls start getting made... hope they are not more clever than your sandbox environment.

For APKs specifically... official support for Hypatia from the original team ended last year, but a 'MaintainTeam Organization' seems to be attempting to pick up the slack, and keep updating with new malware signatures.

https://apt.izzysoft.de/fdroid/index/apk/org.maintainteam.hypatia

https://github.com/MaintainTeam/Hypatia

... not sure if its... actually getting regular updates though.

EDIT: derp, yeah

Also, as upstroke says, do a hash comparison from the actual proper source to verify you aren't getting a malformed or spoof version of whatever APK.

IDK install it on a VM?

Run the md5.

Of course that only tells you that you got what the author intended, not that what they intended is “safe”

religion

APK and APKS are just renamed zip files