Inspecting APK

Suppose that you are given an APK file, do you know what are the configurations, permissions, and application components of this application? In my work, I am required to automate extraction of application icon, package name and version code information from APKs. The Android SDK provides a handy tools, Android Asset Packing Tool (aapt), for this task. aapt allows developers to package Android application into an APK file. It is usually used by IDEs to build APK file. It can also be used to inspect an APK file.

aapt is located in <sdk>/platforms/android-X/tools/ folder, where "X" is the platform version (i.e. 8). appt is a very powerful tools with many possible options, you can find out more by running aapt without any argument in your terminal. I will be sharing some examples in this post.

aapt list antollroid.apk

This command lists all files in my Antollroid APK, full paths are shown. You can specify -v and -a switches to get more information.

aapt dump badging antollroid.apk

This command prints the package name, version code/name, icon path, and required permissions. If you need to keep track of multiple applications and versions, you can use package name and version code to uniquely identify applications and versions.

aapt dump xmltree antollroid.apk AndroidManifest.xml

This command prints the AndroidManifest.xml in a formatted (tree structure) manner with indentations. It does not recover the original AndroidManifest.xml file but it contains all information in the manifest file. You can also retrieve information from other XML files (i.e. layout, string values).

This is only tip of the iceberg. You use aapt to generate an APK and also modify existing APK file. I have a suggestion for readers. The last example shows how to get information from XML files, but the output is not in XML format. I encourage you to write an application that take this output and format into a valid XML. :)