Hi, I am writing this post to make you aware of some security concerns regarding APK building and how to protect our source code. First, let's see how to open the source code from a given APK. The first challenge is to download the APK from the Play Store, as it is not allowed to download APK files due to security reasons. So how do we get the APK file?
How to get the APK from the Play Store?
There is no option to download the APK directly from the Play Store. We will use an APK backup manager to get the APK file as follows. First, download the app whose source code you want to see.
Once the app and the backup manager are installed, open the backup and restore app, look for your app, select it and press Backup. This saves the app to the backup folder. Then go to the file manager, select the saved APK and share it to your laptop using USB or any other option of your choice.
Step 2: Download dex2jar to convert the .dex file to .class files, and JD-GUI to open the .class files in a graphical user interface.
Step 3: Extract dex2jar and JD-GUI into the same folder and copy the APK file into that folder as well.
Step 4: Copy test.apk into the dex2jar-2.0 folder to avoid setting the class path, then open a command prompt in dex2jar-2.0. A simple way to do that is to open the dex2jar folder, go to the path, type cmd and press Enter.
Step 4: Once the command prompt is open, type d2j-dex2jar.bat test.apk and press Enter; this generates test-dex2jar.jar. Then go to Jd-Gui.jar and press Enter to open the graphical application for viewing .class files. Open test-dex2jar.jar in it and you will be able to see the Java source code, but not the XML files. If the .bat command does not work, use d2j-dex2jar.sh test.apk. These two commands are useful for single-dex APKs. What if we have a multidex application? In that case we follow step 5.
Step 5: If the application has more than one classes.dex file, we use this method. First extract the APK file to see whether it is multidex. If it contains more than one classes.dex file, select all the dex files.
Paste them into the extracted dex2jar folder where test.apk was copied, to avoid path issues. Then run the command d2j-dex2jar.bat classes.dex and press Enter; this generates classes-dex2jar.jar. Do the same for classes2.dex. Then you can open both JAR files one by one using JD-GUI.
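The multidex check from step 5 can also be done without extracting the APK by hand. The following Python script is an added example, not part of the original post; the function names and the sample APK it builds are made up for illustration. It lists every classesN.dex entry in load order and verifies each one starts with the DEX magic header.

```python
import io
import re
import zipfile

DEX_NAME = re.compile(r"^classes(\d*)\.dex$")   # classes.dex, classes2.dex, ...
DEX_MAGIC = re.compile(rb"^dex\n\d{3}\x00")     # 8-byte DEX header magic


def list_dex_files(apk):
    """Return [(entry_name, dex_version)] for each top-level DEX, in load order.

    `apk` is a path or a file-like object (hypothetical helper, not a dex2jar API).
    """
    found = []
    with zipfile.ZipFile(apk) as zf:
        for info in zf.infolist():
            m = DEX_NAME.match(info.filename)
            if not m:
                continue
            with zf.open(info) as fh:
                header = fh.read(8)
            if not DEX_MAGIC.match(header):
                raise ValueError(f"{info.filename}: missing DEX magic")
            index = int(m.group(1) or 1)  # classes.dex counts as number 1
            found.append((index, info.filename, header[4:7].decode()))
    # Numeric sort so classes10.dex comes after classes9.dex, not after classes.dex
    return [(name, ver) for _, name, ver in sorted(found)]


def is_multidex(apk):
    """True when the APK carries more than one classesN.dex file."""
    return len(list_dex_files(apk)) > 1


def build_sample_apk(dex_count):
    """Constructed sample input: a ZIP holding header-only DEX stubs."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", b"")
        for i in range(1, dex_count + 1):
            name = "classes.dex" if i == 1 else f"classes{i}.dex"
            zf.writestr(name, b"dex\n035\x00" + bytes(104))
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for count in (1, 3):
        entries = list_dex_files(build_sample_apk(count))
        print(count, entries, "multidex" if len(entries) > 1 else "single dex")
```

Each entry it reports is one file to pass to d2j-dex2jar as described in step 5; pointing it at your own release APK shows how many DEX files your build actually ships.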