Setup

Android Studio

When you get an APK file, this is an Android app. But luckily, you don't necessarily need a physical Android device to test it on, we can use an emulator on a computer!

It starts by installing an emulator. The most popular one and the one I will be using throughout this page is the free Android Studio:

Virtual Devices

When Android Studio is installed, you should create an Android Virtual Device. From the "Welcome" menu you can go to Configure -> AVD Manager. Otherwise, go to Tools -> AVD Manager. In this table, you can see all your virtual devices. If you do not have one yet, you should create one with the Create Virtual Device button in the bottom-left corner.

On the next screen, you can select a System Image. This is important for apps, as some APKs only support certain Android versions. I recommend at least one device with Android 8.1 (API 27) because it is fairly new, and still allows you to Proxy traffic later on. In some cases, the app will require a higher version though, so then you can simply create a new device with a higher API to run the app on.

After the device is created, you will be able to use it in the future to run emulated apps.

Starting an Application

Now that Android Studio and a Virtual Device are set up, you can import and run an app. Start by going to File -> Debug or Profile APK, where you can select the APK file you want to analyze. After it is imported, you can view a lot of resources and read low-level Smali code.

Tools

Some must-have tools to make analyzing APK files easier.

APKTool

ADB

Android Debugger (ADB) is a tool that comes with Android Studio, which allows you to get more from the emulated device, such as a shell to explore the file system or change certain settings. After installing Android Studio, it may be found in the following locations:

• Windows: %LOCALAPPDATA%\Android\sdk\platform-tools\adb.exe

• Linux: /usr/share/android-sdk/platform-tools/adb or: ~/Android/Sdk/platform-tools/adb