If you are badly trying to host on Apache an Android app .apk file without success, you might want to check the following few things:

1) Check your /etc/mime.types

Ensure you have set a proper mime type like bellow:

    application/vnd.android.package-archive         apk

2) Check that your device does allow download from untrusted stores

3) Do not set .htaccess Auth for particular .apk file types

If you were trying to prevent anybody to be able to download your apk and have set an .htaccess Auth, then that’s your issue…

It’s seems that on Android plateform browsers (all?) does not support .htaccess on downloading .apk. If you have a site where pages are being protected, browser do save .htaccess credentials while navigating, but onces reaching the .apk file, it does not play the credendials anymore and does not ask for it back either. Just because you have the good attitude, if you check on your apache access log, you could see a “HTTP/1.1 401” type of error check RFC on W3.org.

So your only option is to keep any other area of the site protected by the .htpasswd and only exclude .apk from Auth directive.

To do this your .htaccess file could look like bellow:

AuthName "This page require authentication!"
AuthType Basic
AuthUserFile "/<my-secure-path-from-outside-web-server-area>/<mysite-htpasswd-file>"
Require valid-user
SetEnvIf Request_URI "(.*\.apk)$"  allow
Order allow,deny
Allow from env=allow
Satisfy any