After successfully downloading the APK archive we have to decompile it in the next step. This article describes this procedure.
Introduction
The process is basically simple and involves following steps:
- Reverse the APK archive with Apktool .
- Tool Dex2jar
to deal with android
.dex
and.class
files. - JD-GUI is the Java Decompiler to analyse Java “byte code”.
Install those packages if not already done.
Plan B
Unfortunatly I was not able to install those tools; I had to fight with some package issues on my system. Bottom line I was not able to use mentioned tools.
Luckily this process is something also others do so there is also a nice web service where you can upload you APK and download the decompiled files: http://www.javadecompilers.com/
Just uplaod your APK and after some processing time you can download all the decompiled files.
First observations
My goal was initially to find out which web based APIs are used from the application. So after getting the source of the application it is easy to find them with a simple command:
grep -ri "https://" .
in the corresponding directory. The result? Interesting, see following screenshot:
And here is an example of the source code as it looks like.
Key take aways
I checked the application from Swisscharge . Due the analysis of the used urls I was suprised to find out that in the back the application is from Virta .
The other piece which every should be aware of when using applications in general that they do a intensive monitoring of them. One of the famous helper is DataDog .