Androguard

Androguard (Android Guard) is a tool written in python to play with :

• .class (Java virtual machine)
• .dex (Dalvik virtual machine)
• APK (Android application)
• JAR (Java application)
• Android's binary xml

Androguard has the following features :

• Map and manipulate (read/write) DEX/CLASS/APK/JAR files into full Python objects,
• Native support of DEX code in a c++ library,
• Access to the static analysis of your code (basic blocks, instructions, permissions (with database from http://www.android-permissions.org/) ...) and create your own static analysis tool,
• Check if an android application is present in a database (malwares, goodwares ?),
• Open source database of android malwares (this opensource database is done on my free time, of course my free time is limited, so if you want to help, you are welcome !),
• Diffing of android applications,
• Measure the efficiency of obfuscators (proguard, ...),
• Determine if your application has been pirated (plagiarism/rip-off indicator),
• Risk indicator of malicious application,
• Reverse engineering of applications (goodwares, malwares),
• Transform Android's binary xml (like AndroidManifest.xml) into classic xml,
• Visualize your application with gephi (gexf format), or with cytoscape (xgmml format), or PNG/DOT output,
• Patch JVM classes, add native library dependencies,
• Dump the jvm process to find classes into memory,
• Add a watermark into your application (in progress),
• Classify android apks (in progress),
• Protect your application against thefts on android market (in progress),