
Earlier this week, the developer of SmartTube, the most popular alternative YouTube app for Android TV and Fire TV devices, announced that his app’s digital signature had been exposed. A new version of the app using a new digital signature has since been released. While everyone is encouraged to switch to the new app, SmartTube’s developer has shared more information with me about what happened that may make you want to take additional precautions if you’ve installed or updated the app recently.
SmartTube’s developer told me that the computer used to create the APKs for the project’s official GitHub page was compromised by malware. As a result, some official SmartTube releases were unintentionally published with malware. It’s unclear which version was first affected, but the compromise seems to have first occurred earlier this month. SmartTube versions 30.43 and 30.47 from APKMirror are both being flagged as infected by malware scanners.
It is likely the presence of this malware that caused Google and Amazon to forcibly uninstall SmartTube on some devices, not the exposed digital signature as first suspected. SmartTube’s developer says the compromised machine has been wiped and is confident that both the new SmartTube releases and the machine that created them are malware-free.
All older versions of SmartTube have been removed from the project’s GitHub in an abundance of caution. While there does not appear to be any evidence that the app’s digital signature was actually stolen or used by malicious actors, that too has been abandoned and replaced with a new one.
SmartTube version 30.56 is the first release built by the uncompromised machine and with the new digital signature. It can be installed using my Downloader app by entering code
It remains unknown what the malware that found its way into the official SmartTube APK files can actually do. Thankfully, SmartTube is programmed to only request minimal account permissions and does not ask for any login information directly. Even if you granted the app access to your Google Drive for backup purposes, your Google account and general Google Drive files remain out of the app’s scope of permissions. Permissions regarding control of your YouTube account seem like the only thing that could have easily been exposed to the malware, as far as account access is concerned.
That said, since very little is known about the malware, you should assume the worst. If you use SmartTube and are concerned about your exposure to this malware, you should factory reset any device that had the app installed, especially if you installed or updated the app in November. It would also be a good idea to audit your Google account permissions and your YouTube account activity for anything unusual. Once your devices and account are in order, if you wish to reinstall SmartTube, be sure to only install the latest version through the codes/links above.