Identifies compilers, packers, obfuscators, and other characteristics in Android APK and DEX files.
APKiD is a Python-based tool that identifies how Android APK and DEX files were constructed by detecting compilers, packers, obfuscators, and other oddities. It solves the problem of unknown app origins by fingerprinting build tools and protection mechanisms, aiding in security analysis and malware detection.
APKiD is aimed at security researchers, malware analysts, reverse engineers, and Android app developers who need to inspect app construction for security vetting, piracy detection, or research purposes.
Developers choose APKiD for its accuracy, speed, and extensibility in fingerprinting Android app build tools, offering a specialized, open-source alternative to manual analysis with a rule-based system that's easy to update and integrate.
Android Application Identifier for Packers, Protectors, Obfuscators and Oddities - PEiD for Android
APKiD is optimized for speed and accuracy in detecting compilers, packers, and obfuscators, as emphasized in its philosophy and demonstrated through Yara-based rule matching.
Uses Yara rules that are community-updatable via GitHub issues and pull requests, allowing rapid adaptation to new tools and techniques, as highlighted in the 'Submitting New Packers' section.
Supports JSON output format for easy parsing and integration with other security tools and automation pipelines, facilitating scalable app vetting workflows.
Includes Docker setup for containerized execution, simplifying deployment across different environments and reducing dependency conflicts, as shown in the installation instructions.
Only performs static analysis on APK/DEX files; it cannot handle dynamic runtime behaviors or monitor app execution, which restricts its use in comprehensive security assessments requiring live analysis.
Modifying APKiD and compiling its rules requires running prep-release.py and managing dependencies like yara-python-dex, which can be cumbersome for contributors or those setting up from source, especially on Windows.
Offers both commercial and GPL licenses, which may create ambiguity for users regarding compliance and usage rights, potentially complicating adoption in closed-source or mixed-license projects.
APKiD is an open-source alternative to the following products: