
Third-Party Libraries & Frameworks

Java and Kotlin are the primary programming languages for Android. However, libraries bundled with an application may be written in C/C++. These libraries should be evaluated for public CVEs and examined for sensitive information leakage.

Extract The APK File

To extract and decode the APK file, follow this example:

apktool d -o App ExampleApp.apk 
cd App/lib/{arch}

The files in this directory are the compiled shared libraries (.so). Since these are ELF files, you will need tools such as readelf, radare2 or Ghidra to examine them.
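
The following added example, which is not part of the original page, does a first-pass triage of the libraries under App/lib: it confirms each .so is an ELF file, reports its ABI, and pulls out version-like strings that can then be checked against public CVEs. The function names, the version regex and the sample bytes are assumptions made for illustration.

```python
import re
import struct
from pathlib import Path

# e_machine values for the ABIs Android ships (from the ELF specification)
MACHINES = {3: "x86", 40: "arm", 62: "x86_64", 183: "aarch64"}
# Printable ASCII runs of 6+ bytes, similar to what strings(1) reports
PRINTABLE = re.compile(rb"[\x20-\x7e]{6,}")
# Heuristic (assumption): a name followed by a dotted version number
VERSION = re.compile(rb"[A-Za-z][\w+-]*[ /_-]v?\d+\.\d+(\.\d+)?[a-z]?\b")

def triage_elf(data: bytes) -> dict:
    """Return ABI info and version-like strings for one shared library."""
    if len(data) < 20 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    bits = {1: 32, 2: 64}.get(data[4])
    endian = {1: "<", 2: ">"}.get(data[5])
    if bits is None or endian is None:
        raise ValueError("corrupt ELF identification bytes")
    # e_type and e_machine follow the 16-byte e_ident block
    e_type, e_machine = struct.unpack_from(endian + "HH", data, 16)
    banners = sorted({m.group().decode() for m in PRINTABLE.finditer(data)
                      if VERSION.search(m.group())})
    return {"bits": bits, "shared": e_type == 3,  # 3 == ET_DYN
            "machine": MACHINES.get(e_machine, hex(e_machine)),
            "banners": banners}

def triage_tree(lib_dir: str) -> dict:
    """Triage every .so under App/lib/<arch>/ as produced by apktool."""
    report = {}
    for so in sorted(Path(lib_dir).glob("*/*.so")):
        name = so.relative_to(lib_dir).as_posix()
        try:
            report[name] = triage_elf(so.read_bytes())
        except ValueError as exc:
            report[name] = {"error": str(exc)}
    return report

# Constructed sample: a minimal 64-bit little-endian ET_DYN/aarch64 header
# followed by a made-up version banner, standing in for a real .so
SAMPLE = (b"\x7fELF\x02\x01\x01" + b"\x00" * 9 + struct.pack("<HH", 3, 183)
          + b"\x00" * 44 + b"examplelib 1.2.3 built for demo\x00\x01\x02short\x00")

if __name__ == "__main__":
    print(triage_elf(SAMPLE))
```

Run triage_tree("App/lib") after the apktool step; any banner it reports is a lead to confirm with readelf, radare2 or Ghidra, not proof of the library version.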

Decompile APK File

To decompile the APK SMALI/DEX files, use the jadx tool:

jadx -d App ExampleApp.apk 

The files will be in the App/sources directory. Typically, the source files will be in a reverse domain format such as com/libname/android/*.java where each ‘/’ indicates a sub-directory. So, in this example, the full path would be ~/App/sources/com/libname/android/ with all of the Java files located beneath it.