App reengineering – simplified

With a keen interest in information security, mobile technology, and digital forensics, I have done quite a bit of mobile app security analysis for fun. 100 000 new apps are released in app stores every day, and some claim there is a significant number of malicious apps among them. Based on the analyses I have done, I don’t disagree.

For Android, apk-toolkit, dex2jar, SQLite spy, dexplorer, ADB and APK extractors are some of the tools that can help you with app security analysis, decompiling and reengineering. However, they can be a bit non-intuitive to use, and they take more time than you might have if you just want to have a quick look.

For that reason, I recommend checking out Android APK decompiler. It lets you upload an .apk file directly and gives you the decompiled set of application files: code, graphics and media material, and metadata.

For example, if you have an app installed you can use an APK Extractor app to pull out the .apk file you want and upload it, or you can acquire .apk files directly from third-party app stores. For the latter, this is a nice way to analyze whether an app you got from a third-party app store is trustworthy. Be aware that many apps in these stores do contain malicious code.
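Before handing an .apk to an online decompiler it is worth a quick local triage of what the archive actually contains. The script below is an added example, not the author's tooling and not one of the tools named above. It treats the APK as the ZIP container it is, inventories every entry with a SHA-256 (so you can compare against a copy from the official store), checks that the classes*.dex files carry a real DEX header, notes native libraries that a DEX decompiler will not cover, and flags entry names that should never appear in a well-formed package. It assumes only the Python standard library; the "APK" it inspects is a minimal constructed sample, not a real app.

```python
"""Static triage of an Android APK as a plain ZIP container (added example)."""
import hashlib
import io
import zipfile

# A DEX file starts with b"dex\n", a three-digit version and a NUL byte, e.g. b"dex\n035\x00".
DEX_MAGIC_PREFIX = b"dex\n"


def build_sample_apk() -> bytes:
    """Construct a minimal APK-shaped ZIP in memory (constructed sample, not a real app)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("AndroidManifest.xml", b"\x03\x00\x08\x00" + b"\x00" * 60)  # binary-XML header stub
        z.writestr("classes.dex", b"dex\n035\x00" + b"\x00" * 100)
        z.writestr("classes2.dex", b"dex\n037\x00" + b"\x00" * 100)
        z.writestr("lib/arm64-v8a/libnative.so", b"\x7fELF" + b"\x00" * 32)
        z.writestr("META-INF/MANIFEST.MF", b"Manifest-Version: 1.0\n")
        z.writestr("META-INF/CERT.SF", b"Signature-Version: 1.0\n")
        z.writestr("META-INF/CERT.RSA", b"\x30\x82" + b"\x00" * 16)  # placeholder, not a real PKCS#7 block
        z.writestr("res/drawable/icon.png", b"\x89PNG\r\n\x1a\n")
    return buf.getvalue()


def dex_version(data: bytes):
    """Return the DEX format version ('035', '037', ...) if data has a valid DEX header, else None."""
    if len(data) < 8 or not data.startswith(DEX_MAGIC_PREFIX) or data[7] != 0:
        return None
    ver = data[4:7]
    return ver.decode("ascii") if ver.isdigit() else None


def triage_apk(apk_bytes: bytes) -> dict:
    """Inventory an APK: every entry with size and SHA-256, plus the things an analyst checks first."""
    report = {"entries": {}, "dex": {}, "native_libs": [], "has_manifest": False,
              "signed_v1": False, "duplicate_entries": [], "suspicious_names": []}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        names = z.namelist()
        for info in z.infolist():
            data = z.read(info)
            report["entries"][info.filename] = {
                "size": info.file_size,
                "sha256": hashlib.sha256(data).hexdigest(),
            }
            if info.filename.startswith("classes") and info.filename.endswith(".dex"):
                report["dex"][info.filename] = dex_version(data)
            elif info.filename.startswith("lib/") and info.filename.endswith(".so"):
                report["native_libs"].append(info.filename)
        report["has_manifest"] = "AndroidManifest.xml" in names
        # A v1 (JAR) signature leaves MANIFEST.MF, a .SF and a .RSA/.DSA/.EC block under META-INF/.
        # v2/v3 signatures live in the APK Signing Block outside the ZIP entries and are not seen here.
        has_cert = any(n.startswith("META-INF/") and n.endswith((".RSA", ".DSA", ".EC")) for n in names)
        report["signed_v1"] = has_cert and "META-INF/MANIFEST.MF" in names
        # The same name twice, or a name that escapes the package root, has no place in a clean APK.
        report["duplicate_entries"] = sorted({n for n in names if names.count(n) > 1})
        report["suspicious_names"] = sorted(n for n in names if n.startswith("/") or ".." in n.split("/"))
    return report


def findings(report: dict) -> list:
    """Turn the inventory into review points; an empty list means nothing odd on the surface."""
    out = []
    if not report["has_manifest"]:
        out.append("no AndroidManifest.xml: not an installable APK")
    if not report["signed_v1"]:
        out.append("no v1 signature block under META-INF/ (v2/v3-only or unsigned; verify separately)")
    for name, ver in report["dex"].items():
        if ver is None:
            out.append(f"{name}: missing or malformed DEX header")
    if report["native_libs"]:
        out.append(f"native libraries present ({len(report['native_libs'])}): a DEX decompiler will not show this code")
    if report["duplicate_entries"]:
        out.append("duplicate ZIP entry names: " + ", ".join(report["duplicate_entries"]))
    if report["suspicious_names"]:
        out.append("entry names outside the package root: " + ", ".join(report["suspicious_names"]))
    return out


if __name__ == "__main__":
    rep = triage_apk(build_sample_apk())
    for name, meta in rep["entries"].items():
        print(f"{meta['sha256'][:16]}  {meta['size']:>8}  {name}")
    for line in findings(rep):
        print("!", line)
```

Run it against a real file by replacing build_sample_apk() with the bytes of the extracted .apk; the hash column is what you compare against a copy obtained from the official store, and anything printed with "!" is a point to look at before trusting the decompiled output.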

Obviously, the decompilers and reengineering tools are available to everyone, so if you would like to protect your own app from this, look into binary protection of the code or obfuscating it at compile time. In general, for mobile app security you should check out the OWASP Top 10 Mobile Risks.