Recently, we've published a guide on how to add dependencies for only specific productFlavors. After we've implemented the steps necessary, we wanted to make sure that the final .apk actually does not contain any unwanted classes anymore. In this post, we'll show you how to check which classes and resources are in an apk.
Note: this guide is designed for decompiling your own apk, and not the hard work of other developers. Thus, we did not include any steps to reverse-engineer or work-around code obfuscation.
Preparation: Installing the Tools
An Android apk is basically a zipped directory, which contains of some raw resources (images, layout files, ..) and a
classes.dex file. This file contains all actual code and interests us the most. Let's download all the tools we need:
- You'll need to unzip the apk. You can use either the built-in functionality of your operating system, or install your favorite (un)archiver like 7-Zip.
- In order to reverse the
classes.dexfile to a
.jar, you'll need to download the dex2jar tool.
- Lastly, in order to make the
.jarfile readable for the human eye, download and run JD-Gui.
Getting Your Code Back
Alright, now it's time to do the actual work. Copy your apk file into a directory you want to work in. Unzip the apk using the tool of your choice and you should get a directory with a few sub directories and a few files.
Feel free to browse the
AndroidManifest.xml or the
res directory. The most interesting piece is the
classes.dex. Thus, switch to your downloaded
dex2jar tool and open a new terminal.
If you're on Mac OS, execute
sh d2j-dex2jar.sh -f -o output.jar your_app_input.apk. Windows users can use the
.bat file to create the
.jar file. Once the tool ran through, browse to the new
Viewing the Decompiled Code
Lastly, start the downloaded
JD-GUI tool and use it to open the
You can browse all packages and classes, which are in your apk. The code is a stripped version and doesn't contain any comments or redundant structures you're seeing in your IDE. Remember, this is the compiled minimization of your app. Nevertheless, it should give you enough information to learn about the basics of the app. For example, it helped us to verify that there are no packages related to the admob library in the app anymore.
If you just need a quick decompile, you can use the online tool at www.decompileandroid.com/.
For more advanced decompiling purposes you could take a look at apktool, which gives a lot of additional helpers.
No matter what tool you use, there will be a time when you need to decompile an Android app. We hope this guide gave you a jump start. Share any additional tips you have in the comments!