[android] Is it possible to decompile an Android .apk file?

Are the users able to convert the apk file of my application back to the actual code? If they do - is there any way to prevent this?

This question is related to android obfuscation apk decompiling dex

The answer is


Decompilation of APK file is possible. But it might be difficult to understand the code if it is obfuscated.

ApkTool to view resources inside APK File

  • Extracts AndroidManifest.xml and everything in res folder(layout xml files, images, htmls used on webview etc..)
  • command : apktool.bat d sampleApp.apk
  • NOTE: You can achieve this by using zip utility like 7-zip. But, It also extracts the .smali file of all .class files.

Using dex2jar

  • Generates .jar file from .apk file, we need JD-GUI to view the source code from this .jar.
  • command : dex2jar sampleApp.apk

Decompiling .jar using JD-GUI

  • decompiles the .class files (obfuscated- in a case of the android app, but a readable original code is obtained in a case of other .jar file). i.e., we get .java back from the application.

Download this jadx tool https://sourceforge.net/projects/jadx/files/

Unzip it and than in lib folder run jadx-gui-0.6.1.jar file now browse your apk file. It's done. Automatically apk will decompile and save it by pressing save button. Hope it will work for you. Thanks


Yes, there are tons of software available to decompile a .apk file.

Recently, I had compiled an ultimate list of 47 best APK decompilers on my website. I arranged them into 4 different sections.

  1. Open Source APK Decompilers
  2. Online APK Decompilers
  3. APK Decompiler for Windows, Mac or Linux
  4. APK Decompiler Apps

I hope this collection will be helpful to you.

Link: https://www.edopedia.com/blog/best-apk-decompilers/


Sometimes you get broken code, when using dex2jar/apktool, most notably in loops. To avoid this, use jadx, which decompiles dalvik bytecode into java source code, without creating a .jar/.class file first as dex2jar does (apktool uses dex2jar I think). It is also open-source and in active development. It even has a GUI, for GUI-fanatics. Try it!


I may also add, that nowadays it is possible to decompile Android application online, no software needed!

Here are 2 options for you:


Are the users able to convert the apk file of my application back to the actual code?

yes.

People can use various tools to:

  • analysis: your apk
  • decode/hack your apk
    • using FDex2 to dump out dex file
      • then using dex2jar to convert to jar
        • then using jadx to conver to java source code

If they do - is there any way to prevent this?

yes. Several (can combined) ways to prevent (certain degree) this:

  • low level: code obfuscation
    • using Android ProGuard
  • high level: use android harden scenario

More details can refer my Chinese tutorial: ??????????


Examples related to android

Under what circumstances can I call findViewById with an Options Menu / Action Bar item? How to implement a simple scenario the OO way My eclipse won't open, i download the bundle pack it keeps saying error log getting " (1) no such column: _id10 " error java doesn't run if structure inside of onclick listener Cannot retrieve string(s) from preferences (settings) strange error in my Animation Drawable how to put image in a bundle and pass it to another activity FragmentActivity to Fragment A failure occurred while executing com.android.build.gradle.internal.tasks

Examples related to obfuscation

Is it possible to hide/encode/encrypt php source code and let others have the system? Convert a PHP script into a stand-alone windows executable How do I hide javascript code in a webpage? Is it possible to decompile an Android .apk file? Best Java obfuscator? How can I hide or encrypt JavaScript code? Protect .NET code from reverse engineering? Best solution to protect PHP code without encryption How do I protect Python code? Is there a code obfuscator for PHP?

Examples related to apk

Application Installation Failed in Android Studio Difference between signature versions - V1 (Jar Signature) and V2 (Full APK Signature) while generating a signed APK in Android Studio? Session 'app': Error Installing APK Android Error Building Signed APK: keystore.jks not found for signing config 'externalOverride' Build and Install unsigned apk on device without the development server? The APK file does not exist on disk Android Studio: Application Installation Failed How to retrieve Key Alias and Key Password for signed APK in android studio(migrated from Eclipse) ADB Install Fails With INSTALL_FAILED_TEST_ONLY Upload failed You need to use a different version code for your APK because you already have one with version code 2

Examples related to decompiling

How to decompile to java files intellij idea How to decompile an APK or DEX file on Android platform? How to change already compiled .class file without decompile? Reverse engineering from an APK file to a project Decompile an APK, modify it and then recompile it Is it possible to decompile a compiled .pyc file into a .py file? Extract source code from .jar file Is there a way to get the source code from an APK file? Is it possible to decompile an Android .apk file? How can I protect my .NET assemblies from decompilation?

Examples related to dex

Unable to merge dex Android dex gives a BufferOverflowException when building Unable to execute dex: method ID not in [0, 0xffff]: 65536 How to extract code of .apk file which is not working? Unable to execute dex: Multiple dex files define Lcom/myapp/R$array; What are .dex files in Android? Is it possible to decompile an Android .apk file? decompiling DEX into Java sourcecode