Is it possible to decompile an Android .apk file?

AndroidObfuscationApkDecompilingDex

Android Problem Overview

Are the users able to convert the apk file of my application back to the actual code? If they do - is there any way to prevent this?

Android Solutions

Solution 1 - Android

First, an apk file is just a modified jar file. So the real question is can they decompile the dex files inside. The answer is sort of. There are already disassemblers, such as dedexer and smali. You can expect these to only get better, and theoretically it should eventually be possible to decompile to actual Java source (at least sometimes). See the previous question decompiling DEX into Java sourcecode.

What you should remember is obfuscation never works. Choose a good license and do your best to enforce it through the law. Don't waste time with unreliable technical measures.

Solution 2 - Android

Decompilation of APK file is possible. But it might be difficult to understand the code if it is obfuscated.

Use Aapt (part of the Android SDK) or AXMLParser (from AndroGuard) to analyse and view info of an APK File

  • Retrieves the content of the AndroidManifest.xml file

  • Shows various information (e.g. permissions, activities, services, broadcast receivers, ...)

  • Command:

    Aapt

     aapt dump badging sampleApp.apk
 aapt dump permissions sampleApp.apk
 aapt dump xmltree sampleApp.apk

    AXMLParser

     apkinfo sampleApp.apk

Use ApkTool or NinjaDroid to disassemble and view the resources of an APK File

  • Disassembles the bytecode to smali/assembly

  • Extracts the AndroidManifest.xml, the CERT.RSA file and everything in res folder (layout xml files, images, htmls used on webview etc..)

  • Command:

    ApkTool

    apktool.bat d sampleApp.apk

java -jar apktool.jar -q decode -f sampleApp.apk -o myOutputDir

    NinjaDroid

    ninjadroid MyApk.apk --all --extract myOutputDir/

  • NOTE: You can achieve something similar by using zip utility like 7-zip. But, these tools also extract the .smali files of all .class files.

Use dex2jar to decompile the DEX files of an APK File into Java code

  • Generates the .jar file from a .apk file (note that the Java code of Android apps is usually obfuscated)

  • Needs JD-GUI to view the source code from the output .jar file

  • Command:

    dex2jar sampleApp.apk

d2j-dex2jar.sh -f sampleApp.apk -o myOutputDir/sampleApp.jar

Use JD-GUI to view the .jar file

  • Decompiles the .class files (obfuscated in a case of Android apps, but not in a case of other .jar files) and shows the corresponding Java code

Solution 3 - Android

I may also add, that nowadays it is possible to decompile Android application online, no software needed!

Here are 2 options for you:

Solution 4 - Android

Download this jadx tool https://sourceforge.net/projects/jadx/files/

Unzip it and than in lib folder run jadx-gui-0.6.1.jar file now browse your apk file. It's done. Automatically apk will decompile and save it by pressing save button. Hope it will work for you. Thanks

Solution 5 - Android

> Are the users able to convert the apk file of my application back to the actual code?

yes.

People can use various tools to:

  • analysis: your apk
  • decode/hack your apk
    • using FDex2 to dump out dex file
      • then using dex2jar to convert to jar
        • then using jadx to conver to java source code

> If they do - is there any way to prevent this?

yes. Several (can combined) ways to prevent (certain degree) this:

  • low level: code obfuscation
    • using Android ProGuard
  • high level: use android harden scenario

More details can refer my Chinese tutorial: 安卓应用的安全和破解

Solution 6 - Android

Sometimes you get broken code, when using dex2jar/apktool, most notably in loops. To avoid this, use jadx, which decompiles dalvik bytecode into java source code, without creating a .jar/.class file first as dex2jar does (apktool uses dex2jar I think). It is also open-source and in active development. It even has a GUI, for GUI-fanatics. Try it!

Solution 7 - Android

Yes, there are tons of software available to decompile a .apk file.

Recently, I had compiled an ultimate list of 47 best APK decompilers on my website. I arranged them into 4 different sections.

  1. Open Source APK Decompilers
  2. Online APK Decompilers
  3. APK Decompiler for Windows, Mac or Linux
  4. APK Decompiler Apps

I hope this collection will be helpful to you.

Link: https://www.edopedia.com/blog/best-apk-decompilers/

Categories
Recommended Android Solutions
Recommended Obfuscation Solutions
Recommended Apk Solutions
Recommended Decompiling Solutions
Recommended Dex Solutions

Previous Solution:

using uint vs int

C#

Next Solution:

Combining border-top,border-right,border-left,border-bottom in CSS

CssBorder

Attributions

All content for this solution is sourced from the original question on Stackoverflow.

The content on this page is licensed under the Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.

Content TypeOriginal AuthorOriginal Content on Stackoverflow
QuestionaryaxtView Question on Stackoverflow
Solution 1 - AndroidMatthew FlaschenView Answer on Stackoverflow
Solution 2 - Androidgtiwari333View Answer on Stackoverflow
Solution 3 - AndroidAndrew RukinView Answer on Stackoverflow
Solution 4 - Androidakhilesh JhaView Answer on Stackoverflow
Solution 5 - AndroidcrifanView Answer on Stackoverflow
Solution 6 - AndroidpolymView Answer on Stackoverflow
Solution 7 - AndroidMuhammad Furqan Ul HaqView Answer on Stackoverflow