Question 1

How to install APKiD on Windows?

Accepted Answer

Install via pip with 'pip install apkid', but on Windows, additional steps are required such as installing Yara 3.11.0 and yara-python-dex, as detailed in the hacking section of the README for proper compilation and setup.

Question 2

APKiD vs JADX for APK analysis?

Accepted Answer

APKiD focuses on fingerprinting build tools, packers, and obfuscators to reveal how an app was constructed, while JADX is for decompiling Java code to inspect logic. Use APKiD for security vetting and JADX for code review.

Question 3

How to add custom detection rules to APKiD?

Accepted Answer

Submit a GitHub issue with file hashes and details about the new packer or obfuscator, or create a pull request with Yara rules after compiling them using prep-release.py, as per the contribution guidelines in the README.

Question 4

Can APKiD detect the latest obfuscators?

Accepted Answer

APKiD relies on community-updated Yara rules; while it's actively maintained, new or obscure obfuscators might not be detected immediately until rules are added, requiring periodic updates for accuracy.

Question 5

Is APKiD good for malware analysis?

Accepted Answer

Yes, it's specifically designed for malware analysis by identifying protection mechanisms and anti-* tricks common in malicious apps, as evidenced by its use in security research and BlackHat presentations linked in the README.

Question 6

How to use APKiD JSON output in other tools?

Accepted Answer

The JSON output provides structured data on detections, which can be parsed by scripts or integrated into security dashboards for automated reporting, workflow automation, and combining with other analysis tools.

APKiD

What is APKiD?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Open Source Alternative To

Frequently Asked Questions