androguard

Reverse engineer and analyze Android applications

TLDR

Analyze an APK file

$ androguard analyze [app.apk]

Decompile to Java source

$ androguard decompile -o [output_dir] [app.apk]

Show manifest permissions in an APK

$ androguard axml [app.apk] | grep permission

Disassemble DEX to smali

$ androguard disassemble [app.apk]

Check for signing issues

$ androguard sign [app.apk]

SYNOPSIS

androguard command [options] apkfile_

androguard is a Python tool for reverse engineering, malware analysis, and security assessment of Android applications. It can analyze APK files, decompile DEX code, parse Android manifests, and extract permissions and components.The tool provides both command-line utilities and a Python API for programmatic analysis, making it useful for both manual review and automated security scanning.

PARAMETERS

analyze

Open an IPython shell to start reverse engineering interactively

decompile

Decompile an APK to Java source and create control flow graphs

disassemble

Disassemble Dalvik (DEX) bytecode

axml

Parse and display the AndroidManifest.xml or other AXML files

arsc

Decode resources.arsc

apkid

Print the package name, version code, and version name of an APK

sign

Print the fingerprints of all certificates inside an APK

Generate a call graph and export it to a graph format

-o dir

Output directory (required for decompile)

-i file

Input APK (legacy; the APK is usually given as a positional argument)

-f format

Control flow graph format (png, jpg, raw)

-d name

Decompiler to use (default: DAD)

-l regex

Limit processing to methods matching a regex

CAVEATS

Decompilation is not always perfect; obfuscated code may be difficult to read. Some native code cannot be analyzed. Analysis of large APKs may consume significant memory.

HISTORY

androguard was developed by Anthony Desnos starting around 2012. It became one of the primary open-source tools for Android application security analysis.

RESOURCES

Source code · Documentation