This is a list of tools for Android developers and security analysts. There are sections for basic dev tools, for static extraction/analysis tools, and for runtime (dynamic) analysis tools.

Not included:

  • Software libraries, as there are far, far too many of those;

  • Open-source applications not updated for the last 6 years, as they are likely to fail;

  • Sites that want you to upload your APKs for analysis.

Please check back later to see if more tools have been added! Thank you.

Software Tools

Table 1. Android Developer Tools
Name Description Open src? Home/Doc URL Src URL

General

Android Source

Code Search

y

https://developer.android.com

https://cs.android.com

Build Tools

Android Studio

Official IDE

Partly

https://developer.android.com/

N/A

Eclipse ADT

Previous official IDE

Y

N/A

N/A

Eclipse AndMore

Abandoned update to prev

Y

https://projects.eclipse.org/projects/tools.andmore

N/A

Gradle

Batch Build Tool

Y

https://gradle.intellij.com

same

Maven

Batch Build Tool

Y

https://maven.apache.org

https://maven.apache.org/scm.html

JUnit

Test Framework

Y

https://junit.org

same

Static Analysis Tools

abe

Backup Extractor

Y

https://github.com/nelenkov/android-backup-extractor

same

adebar

Backup/report tool

Y

https://codeberg.org/izzy/Adebar

same

AndroGuard

Reveng tool

Y

http://androguard.readthedocs.io/en/latest/

https://github.com/androguard/androguard

AOSP

Android Source

Y

https://source.android.com/

same

apk2jar

RevEng

Y

https://github.com/SunSargent/Apk2Jar

same

apktool

RevEng

Y

https://ibotpeaches.github.io/Apktool/

same

dedexer

RevEng

?

http://dedexer.sourceforge.net

?

Dex2Jar

Dex→Class converter

Y

https://github.com/pxb1988/dex2jar

same

dextra

dex/oat dumper/disasm/decomp

N

http://newandroidbook.com/tools/dextra.html

N/A

dexdump

reveng

?

?

?

ghidra

reveng from NSA

Y

https://ghidra-sre.org/

https://github.com/NationalSecurityAgency/ghidra

imjtool

Boot code viewer

N

http://newandroidbook.com/tools/imjtool.html

N/A

jadx

reveng

Y

https://github.com/skylot/jadx

same

JD-Gui & JD-Core

Decompiler

Y

http://java-decompiler.github.io/

https://github.com/java-decompiler/jd-gui

quark-engine

"Obfuscation-Neglect Android Malware Scoring"

Y

https://github.com/quark-engine/quark-engine

https://github.com/quark-engine/quark-engine

Dynamic Analysis Tools

bdsm

"bindump, dumpsys, service & more"

N

https://newandroidbook.com/tools/bdsm.html

N/A

Burp Suite (community edn)

Proxy,other pentest tools

N

https://portswigger.net/burp/communitydownload

NONE

BPFDroid

Dynamic using Linux eBPF

Y??

https://arxiv.org/pdf/2105.14344.pdf

??

eBPF

extended BPF (linux kernel)

Y

https://ebpf.io/

https://git.kernel.org/?q=BPF+Group

Frida

Dynamic modification tool

Y

https://frida.re/docs/android/

https://github.com/frida/frida

jtrace

System Call Tracer

N

https://newandroidbook.com/tools/jtrace.html

N/A

memento

Tool to Inspect a Process' Memory

N

https://newandroidbook.com/tools/memento.html

N/A

mitmproxy

Monkey-In-The-Middle proxy

Y

https://mitmproxy.org/

https://github.com/mitmproxy/mitmproxy

procexp

Top-like Process Lister

N

https://newandroidbook.com/tools/procexp.html

N/A

SoapUI

Recording/mocking proxy

Y

https://soapui.org/

https://github.com/SmartBear/soapui

strace

System Call trace

Y

see AOSP

same

Su/Rooting Tools

Magisk

systemless rooting

Y

https://github.com/topjohnwu/Magisk

same

SuperSU

su cmd + app

No

https://supersuroot.org/

(web search CCMT SuperSU ownership)

TWRP

Better Recovery Image

Y

https://twrp.me

https://github.com/omnirom/android_bootable_recovery

Malware Analysis Information Resources