Androguard

4.1.3 · active · verified Sat Apr 11

Androguard is a comprehensive Python toolkit for reverse engineering and analyzing Android applications. It supports various Android file formats like DEX, ODEX, APK, Android's binary XML, and resources. The library offers capabilities for disassembly, basic decompilation, static and dynamic analysis, and Frida integration. The project is actively maintained, with version 4.1.3 released on February 24, 2025, representing a significant evolution from the 3.x series.

Warnings

breaking Androguard versions 4.0.0 and later introduce substantial differences and removed functionalities compared to the previous stable version 3.3.5 (released in 2019). Code written for 3.x might not be compatible with 4.x.
Fix: Review the official GitHub documentation and issue tracker for migration guides. Expect refactoring of existing scripts.
breaking Support for Python 2.7 was officially dropped in Androguard 4.0.1. The library now requires Python 3.9 or higher.
Fix: Upgrade your Python environment to 3.9 or newer. Ensure your project's `requirements.txt` specifies compatible Python versions.
deprecated Between versions 3.2 and 3.3.3/3.3.5, the AXML parser and related functions underwent significant refactoring and reorganization. Some functions were renamed or removed, especially those dealing with namespace resolution.
Fix: Projects built on older 3.x versions using AXML parsing should carefully check for renamed/removed functions and adjust their code accordingly. Consult `androguard.core.bytecodes.axml` module changes.
gotcha Using `Session` objects for bulk analysis of many APKs can lead to very large storage consumption, as session objects can be more than 30 times larger than the original APK.
Fix: For bulk analysis, consider pickling the `APK` and `Analysis` objects directly, or utilize the `AndroAuto` framework which is designed for large-scale analysis. Be mindful of disk space.
gotcha Androguard's parsing of `AndroidManifest.xml` can sometimes fail when encountering 'edge cases' or deliberately malformed APKs (e.g., in malware).
Fix: Before reporting an issue, try using official Android tools like `aapt2` or `apkanalyzer` to decode the manifest. Check ZIP file integrity. If the file is indeed malformed and causes issues, report it to the Androguard project.

Install

pip install androguard Install latest version

Imports

AnalyzeAPK
```
from androguard.misc import AnalyzeAPK
```
APK
```
from androguard.core.apk import APK
```
DEX
```
from androguard.core.dex import DEX
```

Analysis

from androguard.core.analysis.analysis import Analysis

Quickstart

This quickstart demonstrates how to load and perform basic static analysis on an APK file using `AnalyzeAPK`. It retrieves the package name, main activity, permissions, and counts of DEX files and classes. Replace 'path/to/your/app.apk' or set the `ANDROGUARD_SAMPLE_APK` environment variable to a valid APK path for execution.

from androguard.misc import AnalyzeAPK
import os

# NOTE: Replace 'path/to/your/app.apk' with an actual APK file path.
# For a runnable example, you'd need a sample APK.
apk_file_path = os.environ.get('ANDROGUARD_SAMPLE_APK', 'path/to/your/app.apk')

try:
    # Analyze the APK file
    a, d, dx = AnalyzeAPK(apk_file_path)

    print(f"Package Name: {a.get_package()}")
    print(f"Main Activity: {a.get_main_activity()}")
    print("Permissions:")
    for perm in a.get_permissions():
        print(f"  - {perm}")

    print(f"Number of DEX files: {len(d)}")
    print(f"Total classes analyzed: {len(dx.get_classes())}")

except Exception as e:
    print(f"Error analyzing APK: {e}")
    print("Please ensure 'ANDROGUARD_SAMPLE_APK' environment variable points to a valid APK, or replace 'path/to/your/app.apk' with a real path.")

view raw JSON →