This is a list of tools for Android developers and security analysts. There are sections for basic dev tools, for static extraction/analysis tools, and for runtime (dynamic) analysis tools.
Not included:
-
Software libraries, as there are far, far too many of those;
-
Open-source applications not updated for the last 6 years, as they are likely to fail;
-
Sites that want you to upload your APKs for analysis.
Please check back later to see if more tools have been added! Thank you.
Software Tools
Name | Description | Open src? | Home/Doc URL | Src URL |
---|---|---|---|---|
General |
||||
Android Source |
Code Search |
y |
||
Build Tools |
||||
Android Studio |
Official IDE |
Partly |
N/A |
|
Eclipse ADT |
Previous official IDE |
Y |
N/A |
N/A |
Eclipse AndMore |
Abandoned update to prev |
Y |
N/A |
|
Gradle |
Batch Build Tool |
Y |
same |
|
Maven |
Batch Build Tool |
Y |
||
JUnit |
Test Framework |
Y |
same |
|
Static Analysis Tools |
||||
abe |
Backup Extractor |
Y |
same |
|
adebar |
Backup/report tool |
Y |
same |
|
AndroGuard |
Reveng tool |
Y |
||
AOSP |
Android Source |
Y |
same |
|
apk2jar |
RevEng |
Y |
same |
|
apktool |
RevEng |
Y |
same |
|
dedexer |
RevEng |
? |
? |
|
Dex2Jar |
Dex→Class converter |
Y |
same |
|
dextra |
dex/oat dumper/disasm/decomp |
N |
N/A |
|
dexdump |
reveng |
? |
? |
? |
ghidra |
reveng from NSA |
Y |
||
imjtool |
Boot code viewer |
N |
N/A |
|
jadx |
reveng |
Y |
same |
|
JD-Gui & JD-Core |
Decompiler |
Y |
||
quark-engine |
"Obfuscation-Neglect Android Malware Scoring" |
Y |
||
Dynamic Analysis Tools |
||||
bdsm |
"bindump, dumpsys, service & more" |
N |
N/A |
|
Burp Suite (community edn) |
Proxy,other pentest tools |
N |
NONE |
|
BPFDroid |
Dynamic using Linux eBPF |
Y?? |
?? |
|
eBPF |
extended BPF (linux kernel) |
Y |
||
Frida |
Dynamic modification tool |
Y |
||
jtrace |
System Call Tracer |
N |
N/A |
|
memento |
Tool to Inspect a Process' Memory |
N |
N/A |
|
mitmproxy |
Monkey-In-The-Middle proxy |
Y |
||
procexp |
Top-like Process Lister |
N |
N/A |
|
SoapUI |
Recording/mocking proxy |
Y |
||
strace |
System Call trace |
Y |
see AOSP |
same |
Su/Rooting Tools |
||||
Magisk |
systemless rooting |
Y |
same |
|
SuperSU |
su cmd + app |
No |
(web search CCMT SuperSU ownership) |
|
TWRP |
Better Recovery Image |
Y |
Malware Analysis Information Resources
-
OWASP MASVS, 700pp doc
-
OWASM MSTG, shorter checklist
-
A survey of malware detection in Android apps, Elsevier (paywall)
-
Revisiting Static Analysis of Android Malware, Usenix, 2017
-
Static and Dynamic Analysis for Android Malware Detection, San Jose State U, M.Sc. thesis, 2016
-
BPFDroid paper, 2021
-
Intro to Android Malware Analysis, undated