Reverse Engineering Android Apps: A Beginner's Guide

Security, Android

Ever wondered how an Android app works under the hood? Here’s how to peek inside.

Tools You’ll Need

# Install tools (Debian/Ubuntu): adb talks to the device, apktool unpacks the APK
sudo apt-get install apktool adb
pip install frida-tools
# jadx is not in apt; grab a release from https://github.com/skylot/jadx/releases
# Frida also needs a matching frida-server running on the (rooted) device or emulator

Step 1: Get the APK

# From a device with USB debugging: ask where the APK lives (modern Android
# uses a random per-install directory), then pull the first path printed
adb shell pm path com.example.app
# package:/data/app/~~<random>/com.example.app-<random>/base.apk
adb pull "$(adb shell pm path com.example.app | head -n1 | sed 's/^package://;s/\r$//')" base.apk

# Or download from APKMirror, APKPure

Step 2: Decompile

# Unpack the APK: decodes the binary manifest and resources,
# and disassembles the Dalvik bytecode into smali
apktool d base.apk -o output/

# Output structure:
# output/
#   apktool.yml           # Metadata apktool needs to rebuild the APK
#   AndroidManifest.xml   # Decoded, human-readable manifest
#   res/                  # Resources
#   smali/                # Disassembled Dalvik bytecode (smali), not Java
#   original/             # Untouched manifest and META-INF (signature files)

Step 3: Analyze Code

Convert to Java

# Use jadx for better readability
jadx base.apk -d output-java/

# Now you have .java files

Example Decompiled Code

package com.example.app;

import android.os.Bundle;
import androidx.appcompat.app.AppCompatActivity;

public class MainActivity extends AppCompatActivity {
    private String apiKey = "sk_live_abc123";  // Oops, hardcoded!

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_main);

        // API call (makeRequest is defined further down in this class; not shown)
        makeRequest("https://api.example.com/data");
    }
}
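Once jadx has produced output-java/, the practical question is how to find the hardcoded key from the example above when the app has thousands of classes. The script below is an added example for this guide, not code from the original post or from jadx: it walks a directory of decompiled .java files and flags lines that match a few secret patterns, returning file, line number and pattern name. The two sample source files it writes are constructed for the demo, and the credential values in them are fake (the AWS one is AWS's own documented example key id).

```python
"""Scan jadx output for hardcoded secrets.

Added example for this guide (not the original post's code, not jadx's).
Walks a directory of decompiled .java files, applies a handful of regexes
and returns (path, line, pattern name, source line) tuples. The files
written by make_sample() are constructed for the demo; the credential
values in them are fake.
"""
import os
import re
import tempfile

# pattern name -> compiled regex. Deliberately narrow: a match is a lead to
# confirm by reading the code, not proof. Extend for the SDKs you encounter.
PATTERNS = {
    "stripe-like live key": re.compile(r'"sk_live_[0-9A-Za-z]{6,}"'),
    "aws access key id": re.compile(r'"AKIA[0-9A-Z]{16}"'),
    "password literal": re.compile(r'(?i)(password|passwd|pwd)\w*\s*=\s*"[^"]{4,}"'),
    "basic auth in url": re.compile(r'https?://[^/\s":@]+:[^/\s":@]+@'),
}


def scan_file(path):
    """Return every (path, line number, pattern name, stripped line) hit in one file."""
    hits = []
    with open(path, encoding="utf-8", errors="replace") as fh:
        for lineno, line in enumerate(fh, 1):
            for name, pattern in PATTERNS.items():
                if pattern.search(line):
                    hits.append((path, lineno, name, line.strip()))
    return hits


def scan_tree(root):
    """Scan every .java file under root (e.g. jadx's output-java/), in walk order."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            if name.endswith(".java"):
                hits.extend(scan_file(os.path.join(dirpath, name)))
    return hits


# Constructed sample "decompiled" sources, mirroring the MainActivity above.
SAMPLE_FILES = {
    "com/example/app/MainActivity.java": (
        "package com.example.app;\n"
        "public class MainActivity extends AppCompatActivity {\n"
        '    private String apiKey = "sk_live_abc123";\n'
        '    private String dbPassword = "admin123";\n'
        '    private String endpoint = "https://api.example.com/data";  // clean\n'
        "}\n"
    ),
    "com/example/app/util/Net.java": (
        "package com.example.app.util;\n"
        "class Net {\n"
        '    static final String PROXY = "https://user:pass@proxy.example.com/";\n'
        '    static final String AWS_KEY = "AKIAIOSFODNN7EXAMPLE";\n'
        "}\n"
    ),
}


def make_sample():
    """Write SAMPLE_FILES into a temp directory and return its path."""
    root = tempfile.mkdtemp(prefix="jadx-sample-")
    for rel, text in SAMPLE_FILES.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(text)
    return root


if __name__ == "__main__":
    # Real use: python scan_secrets.py output-java/
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else make_sample()
    for path, lineno, name, line in scan_tree(target):
        print(f"{path}:{lineno}: [{name}] {line}")
```

Run it with the jadx output directory as the argument, or with no argument to scan the built-in sample. Every hit still needs a human to confirm that the value is a live credential rather than a test fixture or a placeholder; the regexes are a starting point, and the fastest way to widen them is to add the prefixes of whatever third-party SDKs the app bundles.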

Step 4: Dynamic Analysis with Frida

// hook.js: replace makeRequest so every call is logged before it runs
Java.perform(function() {
    var MainActivity = Java.use("com.example.app.MainActivity");

    // If makeRequest is overloaded, pick one: MainActivity.makeRequest.overload('java.lang.String')
    MainActivity.makeRequest.implementation = function(url) {
        console.log("API call to: " + url);
        return this.makeRequest(url);  // call the original implementation
    };
});

# Run Frida: -U = USB device, -f = spawn the app fresh, -l = load the script
frida -U -f com.example.app -l hook.js

Common Findings

1. Hardcoded Secrets

// Bad practice: anyone with the APK can read these with jadx in seconds
String apiKey = "sk_live_abc123";
String dbPassword = "admin123";

2. Insecure Network Calls

// No certificate pinning: any certificate the device trusts is accepted,
// so a proxy whose CA has been installed on the device can read the traffic
HttpURLConnection conn = (HttpURLConnection) url.openConnection();

3. Root Detection

// A single file check like this is trivial to defeat (see below)
public boolean isRooted() {
    return new File("/system/app/Superuser.apk").exists();
}

Bypassing Root Detection

// Frida script
Java.perform(function() {
    var RootCheck = Java.use("com.example.app.RootCheck");
    RootCheck.isRooted.implementation = function() {
        console.log("Root check bypassed");
        return false;
    };
});

Ethical Considerations

Legal uses:

  • Security research on your own apps
  • Malware analysis
  • Learning

Illegal uses:

  • Stealing proprietary code
  • Bypassing licensing
  • Distributing modified apps

Protecting Your Apps

  1. ProGuard/R8: Obfuscate code
  2. Certificate Pinning: Prevent MITM
  3. Root Detection: Multiple checks
  4. Encrypt Secrets: Use Android Keystore
  5. Tamper Detection: Verify APK signature

None of these stops someone with Frida and time; they raise the cost. A secret the app has to send to a server can be read at runtime however it is stored, so anything truly sensitive belongs on the server behind authentication.
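Before shipping, it is worth confirming that these protections actually made it into the build, by running apktool on your own release APK and inspecting the output. The script below is an added example for this guide, not code from the original post or from apktool: it checks an apktool output directory for android:debuggable, for a network security config whose pin-set carries a backup pin, and uses short class names in smali/ as a rough sign that R8 minification ran. The layout it expects (AndroidManifest.xml, res/xml/, smali/) is what apktool writes; the sample trees it builds are constructed for the demo, and the pin values in them are placeholders.

```python
"""Audit an apktool output directory for the protections listed above.

Added example for this guide (not the original post's code, not apktool's).
Assumes the layout apktool writes: AndroidManifest.xml at the top,
res/xml/ for the network security config, smali/ for the classes.
Everything written by build_sample_tree() is constructed for the demo.
"""
import os
import re
import tempfile
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"


def check_manifest(root_dir):
    """Return (debuggable flag, networkSecurityConfig reference or None)."""
    app = ET.parse(os.path.join(root_dir, "AndroidManifest.xml")).getroot().find("application")
    debuggable = app.get(ANDROID_NS + "debuggable", "false") == "true"
    return debuggable, app.get(ANDROID_NS + "networkSecurityConfig")


def pinned_domains(root_dir, nsc_ref):
    """Domains whose <domain-config> carries a <pin-set> with at least two pins
    (a backup pin keeps a key rotation from locking out installed clients)."""
    if not nsc_ref or not nsc_ref.startswith("@xml/"):
        return []
    path = os.path.join(root_dir, "res", "xml", nsc_ref[len("@xml/"):] + ".xml")
    if not os.path.isfile(path):
        return []
    domains = []
    for dc in ET.parse(path).getroot().findall("domain-config"):
        if len(dc.findall("pin-set/pin")) >= 2:
            domains.extend(d.text.strip() for d in dc.findall("domain"))
    return domains


def obfuscation_ratio(root_dir, package):
    """Share of the app's own smali classes named with 1-2 lowercase letters, the
    naming R8/ProGuard produce. Entry points keep their names (the manifest refers
    to them), so expect less than 1.0 even on a minified build. Only smali/ is
    walked; multidex apps also have smali_classes2/ and so on."""
    pkg_dir = os.path.join(root_dir, "smali", *package.split("."))
    names = [f[:-len(".smali")] for _, _, files in os.walk(pkg_dir)
             for f in files if f.endswith(".smali")]
    if not names:
        return 0.0
    short = sum(1 for n in names if re.fullmatch(r"[a-z]{1,2}", n.split("$")[0]))
    return short / len(names)


def audit(root_dir, package):
    """Return (list of findings, list of pinned domains) for one unpacked APK."""
    findings = []
    debuggable, nsc = check_manifest(root_dir)
    if debuggable:
        findings.append('android:debuggable="true" in the release manifest')
    pinned = pinned_domains(root_dir, nsc)
    if not pinned:
        findings.append("no domain-config has a pin-set with a backup pin")
    if obfuscation_ratio(root_dir, package) < 0.5:
        findings.append("most classes keep readable names (R8 minifyEnabled off?)")
    return findings, pinned


# Constructed sample files; the pin digests are placeholders, not real hashes.
MANIFEST = ('<manifest xmlns:android="http://schemas.android.com/apk/res/android"'
            ' package="com.example.app"><application android:debuggable="{dbg}"'
            '{nsc}></application></manifest>')
NSC = ('<network-security-config><domain-config>'
       '<domain includeSubdomains="true">api.example.com</domain>'
       '<pin-set expiration="2027-01-01">'
       '<pin digest="SHA-256">AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=</pin>'
       '<pin digest="SHA-256">BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB=</pin>'
       '</pin-set></domain-config></network-security-config>')


def build_sample_tree(hardened):
    """Constructed apktool-style tree: a debug-style build or a hardened one."""
    root = tempfile.mkdtemp(prefix="apktool-sample-")

    def write(rel, text):
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(text)

    nsc_attr = ' android:networkSecurityConfig="@xml/network_security_config"' if hardened else ""
    write("AndroidManifest.xml", MANIFEST.format(dbg="false" if hardened else "true", nsc=nsc_attr))
    if hardened:
        write("res/xml/network_security_config.xml", NSC)
    classes = ["MainActivity", "a", "b"] if hardened else ["MainActivity", "RootCheck", "ApiClient"]
    for cls in classes:
        write(f"smali/com/example/app/{cls}.smali", f".class public Lcom/example/app/{cls};\n")
    return root


if __name__ == "__main__":
    for label, hardened in (("debug-style build", False), ("hardened build", True)):
        findings, pinned = audit(build_sample_tree(hardened), "com.example.app")
        print(f"{label}: pinned={pinned} findings={findings or ['none']}")
```

Point audit() at the directory from apktool d on your own release build. A pin-set with a single pin is flagged because a certificate rotation would then break every installed client; the config format also accepts an expiration date, after which a stale pin-set falls back to normal certificate validation instead of hard-failing.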

Have you reverse engineered an app? What did you find?