Android APK hacking how-to
Install and configure SDK
install Android Studio (google it)
configure your shell (considering Linux+Bash):
export ANDROID_HOME=$HOME/Android/Sdk export PATH=$PATH:$ANDROID_HOME/tools export PATH=$PATH:$ANDROID_HOME/platform-tools
if you plan on using Android Studio's IDE, mind the following:
- if the apply changes button is disabled (thus disallowing quickly redeploying the app after some change), then use the "invalidate caches and restart" Android Studio option
- if the name of your Android device doesn't show up correctly, doing the same as above will also fix it
put your Android in debugging mode (google it)
if you run into this issue:
com.android.ddmlib.AdbCommandRejectedException: insufficient permissions for device: user in plugdev group; are your udev rules wrong?
Then you may need to also connect as MTP, otherwise
adbwon't work (see this)
adb devicesto verify that your device was recognized
Choose some app to pull
Choose one of the apps you have installed on your Android. Go to its Play Store page and take note of its package name that appears in the URL. For instance:
The package name is
Considering your Android is connected and in debugging mode, proceed to pull the apk:
> adb shell pm path com.ubercab package:/data/app/com.ubercab-lzaIdKjzcMboa5YtWZ15Ew==/base.apk
This will give the path to the apk file. Pull it:
> adb pull /data/app/com.ubercab-lzaIdKjzcMboa5YtWZ15Ew==/base.apk
Notice it will download
base.apk to the current folder. To pull it to somewhere else, append an extra param telling where to put it.
Here's a fish function to do this all at once:
> function adbpullpkg; adb shell pm path $argv | grep -o -P "(?<=package:).*" | xargs -I "%s" adb pull "%s" $argv; end
You may want to rename
base.apk to something more meaningful. The remaining of this how-to will still use
base.apk, though. Remember to replace it accordingly.
Use apktool. Follow its documentation and install it. Finally:
> apktool d base.apk
apktool handles binary manifest.xml and all the stuff necessary to have a working source (though no Java code, only smali). Here you can experiment changing code or configuration files before reassembling it.
Use apktool to build it. Below,
base refers to the folder where the apk was disassembled to:
> apktool b base
If all went well, now
base/dist contains your new apk file, ready to be signed and delivered.
See this for a thorough explanation. For a quick one:
go to the folder where apktool generated the apk
> $ANDROID_HOME/build-tools/28.0.3/zipalign -v -p 4 base.apk base-aligned.apk
prepare key if it doesn't exist yet:
> keytool -genkey -v -keystore my-release-key.jks -keyalg RSA -keysize 1024 -validity 999999 -alias my-alias
> $ANDROID_HOME/build-tools/28.0.3/apksigner sign -ks my-release-key.jks --out base-release.apk base-aligned.apk
> $ANDROID_HOME/build-tools/28.0.3/apksigner verify base-release.apk
if it says nothing, signature is good.
> adb install base-release.apk