Android Resources#
Online services and references the operator reaches for to triage
an Android app, submit a suspicious APK for analysis, or unpack
the bundle on the bench. An APK is just a zip of compiled
resources plus assembled Dalvik bytecode, so the operator pulls
classes.dex and resources.arsc straight out with
unzip; the services below carry the dynamic and behavioural
analysis the operator does not want to run on their own host.
Services#
VirusTotal at https://www.virustotal.com/, the default starting point for static + multi-engine scan of an APK (128 MB upload cap).
MobSF at https://mobsf.github.io/Mobile-Security-Framework-MobSF/, the operator’s self-hosted static + dynamic analysis pipeline.
AppCritique at https://appcritique.boozallen.com/, free upload-and-assess for Android binaries.
APKPure at https://apkpure.com/, source of mirrored APKs when an app has been pulled from Play.