) Techniques to reverse engineer an Android application

a. Android apps or APKs are just ZIP files with a new extension. Inside is everything the app
needs to run—from the code to any media it might need. There are a number of ways to get an
APK. You can use a file manager like ASTRO to save a backup to an SD card. It’s also possible to
connect your Android to a computer and then use Android Debugging Bridge to transfer the app
to your PC. You can also use online tools to suck APKs out of Google Play Store.

b. Once you have an APK to work with, then convert it into something more usable. You could
disassemble your target with a tool like Apktool, which will convert the APK’s compiled
application code file (Dalvik Executable, or DEX) into an assembly language. Or you could
decompile, which converts the DEX into a Java Archive (JAR), and then to Java.

c. Because some data can be lost in the decompiling process, it’s better to use a decompiler that
was made with Android in mind. This skips the JAR step, converting DEX directly to Java.

d. Modify any line of code of the APK file you want to change.

e. Recompile and resign it and repack it back to an android executable installer or an APK file.

f. Install it on your phone again.