How to retrieve an apk from an Android device ?
In order to be able to test the security of a mobile application, the first step is obviously to have the application itself available in your security testing environment.
Getting an .apk is the first step in this test. This article is an easy step-by-step tutorial to retrieve any .apk locally from an Android device.
As a first step, you should configure your local env to be able to connect to your Android device.
- Download ADB binary : first step is to download the adb utility command directly from https://developer.android.com/studio/command-line/adb. This tool will be used to communicate with your device
- Decompress the .zip file where you want
- (Optional) For easier command access, add it to your path. On Unix, this can be done by editing your shell configuration.
The following applies to bash :
edit ~/.bash_profile
and add the path of platform-tools (the directory contained in the .zip file) in your PATH (here we assume that you hace extracted the directory in your home directory, adapt with the actual path you chose)
export PATH="~/platform-tools/:$PATH"
Reload your shell
$ . ~/.bash_profile
Now you can directly use the adb command without specifying the full path of the executable.
- Download the app you want directly from the Play store
- Activate the Developper mode. The method to do this can vary depending on your model, but it consists in going to the “Settings > About your phone” menu. Then tap 7 times on your system version to enable it.
- Enable USB debugging : Go to “Settings > Additionnal Settings > Developper Settings” and activate the “USB Debugging” toggle
- Connect your phone to your computer and accept the security warning. Be careful, you’re giving access to your phone to your computer, it’s a sensible action. You can deactivate the developper mode in this same menu when you’re done.
- Get the list of installed packages on your phone and identify the one you want
If you have an idea of the name, you can grep it, else look at the full list to find the one you want.
$ adb shell pm list packages
package:com.test.app
package:com.test2.example
...
$ adb shell pm list packages | grep test
package:com.test.app
- Get the full name of the package
$ adb shell pm path com.test.app
package:/data/app/~~uvMRkmhh6yIpqTLnXBUNew==/com.test.app-XHklV-4U09X5DtctRhMrBw==/base.apk
- Download the .apk locally
$ adb pull /data/app/~~uvMRkmhh6yIpqTLnXBUNew==/com.test.app-XHklV-4U09X5DtctRhMrBw==/base.apk path/to/destination
You now have an .apk locally.
For example, you can try to decompile it with tools like apktool
or dex2jar
:
apktool d base.apk
d2j-dex2jar base.apk