Recently I've created the following online tool

Online APK Analyzer

The tool can be used to dissect Android APK files and extract various information stored in AndroidManifest.xml and other important files. Most of its logic was written in C/C++ and compiled into WebAssembly.

I sometimes find myself checking information about APKs that I've build (e.g. verify versionCode from APKs I've backed up) and I was thinking that having an additional option how to do this that doesn't require to install Android developer tools could be useful. So this was one of the reasons why I decided to create this tool. Additionally, I think WebAssembly is a really cool technology and together with PWA's it's kind of becoming an alternative to native mobile app development. So developing this tool was also a way to learn a bit more about this technology.

It is still a work in progress and I hope I can add some more features and fix the bugs that come along.

This online tool is somewhat related to my Android app - Power APK. The Android app has the advantage that it can easily access APKs of apps installed on the Android device. Of course, this online tool has the advantage that it doesn't need to be installed. The apps differ somewhat in what information they display. In the future I'm hoping to port features in between the apps, so that both apps can provide as much info as possible.

Features

  • extract app label and package name from manifest
  • show app icon (for now only basic png format)
  • show versionCode and versionName
  • show minimal supported sdk version
  • display main application components used by the app (activities, services, broadcast receivers, content providers)
  • display a list of requested permissions
  • dump the complete binary AndroidManifest.xml (which contains all the additional stuff that was merged by the build system)

TODO

I also would like to show which technologies and frameworks were used by the developer that created the app. This feature is already implemented in my Power APK, so I hope it won't be too difficult to port.

It would also be nice to display structured list of all the resources, all the ids, strings, references and the string pool. This should also give the user a better understanding of the APK format.

The wasm file is now a bit bloated (~4MB) because it still contains a lot of stuff that I don't use. I tried to take only the stuff I needed from AOSP and I changed many parts and plugged in my functions wherever needed. However, I put myself under time pressure to publish as soon as possible, and when there were dependencies where I did not completely understand how they work, I just plugged in the whole file, so that I'm at least able to compile. Here I still see a lot of room to reduce the final file size.

One additional optimization would be to reduce the JavaScript file size. Even though it is small in comparison to wasm (~300KB), it still contains a lot of unnecessary glue code. I removed already some parts of emscripten's code that I did not need, but there is still some additional stuff that is unnecessary. I focused on making the app work as soon as possible and all the templates and glue code inserted by emscripten that made it work without much effort from my side really sped up the development.

One additional thing that I think might be useful would be to provide an option to dump the .dex files and maybe even the native libraries. At least some function, package, or namespace names.

Previous Post

Add a comment