Recently, we've published a guide on how to add dependencies for only specific productFlavors. After we've implemented the steps necessary, we wanted to make sure that the final .apk actually does not contain any unwanted classes anymore. In this post, we'll show you how to check which classes and resources are in an apk.
Note: this guide is designed for decompiling your own apk, and not the hard work of other developers. Thus, we did not include any steps to reverse-engineer or work-around code obfuscation.
Preparation: Installing the Tools
An Android apk is basically a zipped directory, which contains of some raw resources (images, layout files, ..) and a classes.dex
file. This file contains all actual code and interests us the most. Let's download all the tools we need:
- You'll need to unzip the apk. You can use either the built-in functionality of your operating system, or install your favorite (un)archiver like 7-Zip.
- In order to reverse the
classes.dex
file to a.jar
, you'll need to download the dex2jar tool. - Lastly, in order to make the
.jar
file readable for the human eye, download and run JD-Gui.
Getting Your Code Back
Alright, now it's time to do the actual work. Copy your apk file into a directory you want to work in. Unzip the apk using the tool of your choice and you should get a directory with a few sub directories and a few files.
Feel free to browse the AndroidManifest.xml
or the res
directory. The most interesting piece is the classes.dex
. Thus, switch to your downloaded dex2jar
tool and open a new terminal.
If you're on Mac OS, execute sh d2j-dex2jar.sh -f -o output.jar your_app_input.apk
. Windows users can use the .bat
file to create the .jar
file. Once the tool ran through, browse to the new .jar
file.
Viewing the Decompiled Code
Lastly, start the downloaded JD-GUI
tool and use it to open the .jar
file.
You can browse all packages and classes, which are in your apk. The code is a stripped version and doesn't contain any comments or redundant structures you're seeing in your IDE. Remember, this is the compiled minimization of your app. Nevertheless, it should give you enough information to learn about the basics of the app. For example, it helped us to verify that there are no packages related to the admob library in the app anymore.
Other Options
If you just need a quick decompile, you can use the online tool at www.decompileandroid.com/.
For more advanced decompiling purposes you could take a look at apktool, which gives a lot of additional helpers.
No matter what tool you use, there will be a time when you need to decompile an Android app. We hope this guide gave you a jump start. Share any additional tips you have in the comments!