Awesome
ApkAnalyzer
Java app / library used to obtain detailed informations about Andoid APK files.
<a name="How_to_use_it"/>How to use
<a name="Prepare_for_first_use"/>Prepare for first use
If you want to build and make changes in code of ApkAnalyzer, you need to perform following steps. ApkAnalyzer uses Apktool for decompilation of Apk. You need to add Apktool to your maven repository.<br/>
- Download apktool_2.0.0rc4 from https://bitbucket.org/iBotPeaches/apktool/downloads<br/>
- Run following maven command : mvn install:install-file -Dfile=<path-to-apktool_2.0.0rc4-file> -DgroupId=ApkTool -DartifactId=ApkTool -Dversion=2.0.0.rc4 -Dpackaging=jar<br/>
ApkAnalyzer uses maven to build. It`s designed to allow you to customize way it works and various values as thresholds. This can only be done using public API, not using command line parameters (not implemented yet).
You can also use latest build jar with all dependecies and run it as a java program.
Command line parameters
| Parameter | Info |
|---|---|
| -analyze | Triggers analyze task. See [Analyze APKs] (#Analyze_APKs) chapter |
| -compare | Triggers compare task. See [Compare APKs] (#Compare_APKs) chapter |
| -statistics | Triggers statistics task. See [Statistics] (#Statistics) chapter |
| -in, --input-dir | Specify directory where input for task will be searched |
| -out, --output-dir | Specify directory where output of task will be saved |
Analyze APKs
In case you use jar file, this use case can be triggered with following command java -jar -analyze -in="your_input_dir" -out="your_output_dir"
This task unzip and decompile APK file using ApkTool. To find details about implementation, please explore [AnalyzeTask.java] (https://github.com/MartinStyk/ApkAnalyzer/blob/master/src/main/java/sk/styk/martin/bakalarka/execute/tasks/AnalyzeTask.java).
This task creates json file for every analyzed APK. See example of output file.
<a name="Compare_APKs"/>Compare APKs
In case you use jar file, this use case can be triggered with following command java -jar -compare -in="your_input_dir" -out="your_output_dir"
Directory your_input_dir must contain json files created by analyze task
Directory your_output_dir will contain data about similar APKs
This task only compares metadata. It uses informations about number of activities, services, broadcast recevers, content prividers, apk file size, dex and arsc file size to determine whether two APKs are at least similar. If so, it compares all files in APKs. Default threshold is set to 50% for each attribute. It can not be adjusted using CLI so far. In case you need to adjust it for your use, please feel free to see [CompareTask.java] (https://github.com/MartinStyk/ApkAnalyzer/blob/master/src/main/java/sk/styk/martin/bakalarka/execute/tasks/CompareTask.java) and related parts of code.
Output of this task is json file for every pair of similar APKs. Output is divided into specific folders according to certificate match and version of application match. Every json contains simple diff of two APKs with data including modified, added or deleted files. For example see this file or another one.
<a name="Statistics"/>Statistics
In case you use jar file, this use case can be triggered with following command java -jar -statistics -in="your_input_dir" -out="your_output_dir"
Directory your_input_dir must contain json files created by analyze task
Directory your_output_dir will contain statistics data
To find details about implementation, please explore [StatisticsTask.java] (https://github.com/MartinStyk/ApkAnalyzer/blob/master/src/main/java/sk/styk/martin/bakalarka/execute/tasks/StatisticsTask.java).
<a name="Collected_data"/>Collected data
<a name="ad"/>Attributes & description
<a name="basic"/>Basic apk metadata
| Name | Type | Description |
|---|---|---|
| fileName | String | Name of analyzed apk file |
| sourceOfFile | String | Location from where the file was downloaded |
| fileSize | Long | Size of whole apk file (in bytes) |
| dexSize | Long | Size of compiled sources in classes.dex file (in bytes) |
| arscSize | Long | Size of compiled resources in classes.dex file (in bytes) |
Android manifest metadata
| Name | Type | Description |
|---|---|---|
| packageName | String | See Android documentation |
| versionCode | String | See Android documentation |
| installLocation | String | See Android documentation |
| numberOfActivities | Integer | Total number of activities in application |
| numberOfServices | Integer | Total number of services in application |
| numberOfContentProviders | Integer | Total number of content providers in application |
| numberOfBroadcastReceivers | Integer | Total number of broadcast receivers in application |
| usesPermissions | List<String> | List of permissions used by application See Android documentation |
| usesLibrary | List<String> | List of libraries used by application See Android documentation |
| permissions | List<String> | List of permissions defined by application See Android documentation |
| permissionsProtectionLevel | List<String> | Protection level of permissions defined by application See Android documentation |
| usesFeature | List<String> | List of features used by application See Android documentation |
| usesMinSdkVersion | String | Minimum Sdk version required by app List of features used by application See Android documentation |
| usesTargetSdkVersion | String | Target Sdk version required by app See Android documentation |
| usesMaxSdkVersion | String | Maximal Sdk version requered by app See Android documentation |
| supportsScreensResizeable | Boolean | See Android documentation |
| supportsScreensSmall | Boolean | See Android documentation |
| supportsScreensNormal | Boolean | See Android documentation |
| supportsScreensLarge | Boolean | See Android documentation |
| supportsScreensXlarge | Boolean | See Android documentation |
| supportsScreensAnyDensity | Boolean | See Android documentation |
Certificate metadata
| Name | Type | Description |
|---|---|---|
| fileName | String | Name of certificate file (i.e CERT.RSA in MEATA-INF directory) |
| signAlgorithm | String | Signature algorithm name from the certificate |
| signAlgorithmOID | String | Signature algorithm OID string from the certificate |
| startDate | Date | notBefore date from the validity period of the certificate |
| endDate | Date | notAfter date from the validity period of the certificate |
| publicKeyMd5 | String | MD5 hash of public key |
| certBase64Md5 | String | Base64 MD5 hash of certificate |
| certMd5 | String | MD5 hash of certificate |
| version | Integer | Version value from the certificate |
| issuerName | String | Representation of the X.500 distinguished name using the format defined in RFC 2253 |
| subjectName | String | Representation of the X.500 distinguished name using the format defined in RFC 2253 |
Resources metadata
| Name | Type | Description |
|---|---|---|
| locale | List<String> | Localizations of string.xml file |
| numberOfStringResource | Integer | Number of entries in default string.xml file (currently not collected) |
| pngDrawables | Integer | Number of drawables in png format |
| ninePatchDrawables | Integer | Number of drawables in .9.png format |
| jpgDrawables | Integer | Number of drawables in jpg/jpeg format |
| gifDrawables | Integer | Number of drawables in gif format |
| xmlDrawables | Integer | Number of drawables in xml format |
| ldpiDrawables | Integer | Number of drawables located in ldpi folder |
| mdpiDrawables | Integer | Number of drawables located in mdpi folder |
| hdpiDrawables | Integer | Number of drawables located in hdpi folder |
| xhdpiDrawables | Integer | Number of drawables located in xhdpi folder |
| xxhdpiDrawables | Integer | Number of drawables located in xxhdpi folder |
| xxxhdpiDrawables | Integer | Number of drawables located in xxxhdpi folder |
| tvdpiDrawables | Integer | Number of drawables located in tvdpi folder |
| nodpiDrawables | Integer | Number of drawables located in nodpi folder |
| unspecifiedDpiDrawables | Integer | Number of drawables located in default drawable folder |
| rawResources | Integer | Number of resources in raw/ folder |
| layouts | Integer | Total number of layout resources in res/layout* folder |
| differentLayouts | Integer | Number of different layout resources in res/layout* folder |
| menu | Integer | Total number of menu resources in res/menu folder |
File hashes
| Name | Type | Description |
|---|---|---|
| dexHash | String | Hash of classes.dex from META-INF/MANIFEST.MF |
| arscHash | String | Hash of resources.arsc from META-INF/MANIFEST.MF |
| drawableHash | Map<String,String> | Hashes of files in res/drawable* folder from META-INF/MANIFEST.MF. Map<HashValue, fileName> |
| layoutHash | Map<String,String> | Hashes of files in res/layout* folder from META-INF/MANIFEST.MF. Map<HashValue, fileName> |
| otherHash | Map<String,String> | Hashes of all files in apk from META-INF/MANIFEST.MF. Map<HashValue, fileName> |
Used libraries
- xgouchet/AXML used code from this project, located in fr.xgouchet.axml package
- iBotPeaches/Apktool