Search APKs for string

search-connected-device.sh

# this assumes you've already connected to the target device with
# adb connect 192.168.X.X

# grab all the APKS off the device to local machine
# based on https://stackoverflow.com/a/4033005
# this works for firetv stick 4k, but didn't work on a slightly older device for some reason
# for i in $(adb shell pm list packages | awk -F':' '{print $2}'); do adb pull "$(adb shell pm path $i | awk -F':' '{print $2}')"; mv base.apk $i.apk 2&> /dev/null ;done
# use -f to grab path along with app and split it out in the loop
# additionally -3 lists only separately installed packages
# adb shell pm list packages -f -3
for i in $(adb shell pm list packages -f | awk -F':' '{print $2}'); do file=$(echo $i | cut -d '=' -f 1); app=$(echo $i | cut -d '=' -f 2); echo "pulling $file for $app"; adb pull "$file"; mv base.apk $app.apk 2&> /dev/null ;done

search_term=amplitude

# fast search inside apks using ripgrep
for file in *.apk; do rg --search-zip "$search_term" "$file" && echo "$file"; done
# not quite as fast search
# for file in *.apk; do unzip -c "$file" | grep "$search_term" && echo "$file"; done

# slower search inside apks will list individual files in the apk
for file in *.apk; do zipgrep "$search_term" "$file" && echo "$file"; done

In this case trying to find where api.amplitude.com is coming from. Have already installed a handful of apps (which I may reinstall now) after the search came up with the NBC app:

resources.arsc:Binary file (standard input) matches
classes.dex:Binary file (standard input) matches
classes3.dex:Binary file (standard input) matches
com.onemainstream.nbcunivers.android.apk