Home → Why APKs are scams
I Downloaded Forty "Poker Bot APKs". None Played Poker.
Over 2024 and 2025 I made a habit of sandboxing every public "poker bot APK" I could find — Telegram drops, dodgy SEO sites, YouTube comment links, the works. Forty-plus binaries. Zero of them played a hand of poker. Every single one was one of three things.
Flavour one — Crypto miner / device adware
This is the most common. The APK installs, shows a glossy splash screen with a logo lifted from some real poker site, then quietly schedules a foreground service that mines Monero or runs an ad-fraud SDK. You'll see the device get warm even when the screen's off. Battery dies in four hours.
The tell: the APK asks for an unusual combination of permissions during install — `FOREGROUND_SERVICE`, `WAKE_LOCK`, `RECEIVE_BOOT_COMPLETED`, and disabling battery optimization. A genuine poker client wants none of that. If your wallet wanted to mine while you slept, it wouldn't disguise itself as PPPoker bot v3.2.
Flavour two — Account harvester
The APK opens to a login screen that looks pixel-perfect like the room's actual app. You type your credentials. The form POSTs them to a server that isn't the room. A few hours or a few weeks later your account is emptied and your linked bank card has a $400 charge from a casino you've never heard of.
The tell: the binary is suspiciously small (under 6 MB — a real Android poker app is 60-120 MB), it doesn't bundle the room's normal resources, and the login screen accepts any credentials without ever showing the lobby. If your "free poker bot" loads in two seconds on a five-year-old phone, it isn't loading anything real.
Flavour three — Non-functional shell
The most boring kind. The APK is a developer's failed weekend project, dressed up by a reseller to look finished. It opens, shows a half-broken table screenshot, says "connecting…" forever, and crashes on the first tap. No malware, no harvest — just nothing. The seller has already taken your $50 in BTC and stopped answering on Telegram.
The tell: the seller insists on payment before any demo, the screenshots in the listing are reused from a Reddit thread two years old, and the Telegram channel has 800 members but nobody who can answer a technical question.
Why no real project ships publicly
Public distribution is a death sentence. The moment a working bot binary is on a public CDN, three things happen inside 48 hours.
One, the rooms' security teams grab a copy, decompile it, fingerprint the behaviour, and ship a detection patch in their next app update. Every player using that binary gets banned in the same wave. Two, the binary gets reposted on twenty resale sites with the licence check stripped out — your paying customers churn, your engineering investment is gone. Three, half the legitimate buyers were rooms-side security people sock-puppeting from the start, and they were always going to do the first thing.
Real projects survive by being private. Custom builds, NDA'd clients, on-call engineers who patch within hours of an app update. The binary lives on the operator's own devices, not on yours. That is structurally incompatible with a "download free APK" page and always will be.
What to do instead
If you're a recreational player who wants to play with assistance — install the room's real app, play with it yourself, get better. There is no shortcut available to you.
If you're an operator — a private club admin, a liquidity contractor, someone running games for a closed circle — talk to engineers, not Telegram sellers. The build is custom by definition. Expect a five-figure starting conversation and a multi-month engagement. That sounds expensive until you compare it to the alternative, which is paying $200 for a binary that mines crypto on your nephew's phone.