explaingit

karma9874/androrat

4,772 | Java | Audience · researcher | Complexity · 3/5 | License | Setup · moderate

TLDR

AndroRAT is a client-server remote administration tool for Android devices. A hidden app installed on a phone connects back to a Python server, letting the operator retrieve photos, audio, GPS location, messages, call logs, and files. It is built for learning how mobile malware and Android permissions work.

Mindmap

mindmap
  root((AndroRAT))
    Android App
      Runs in background
      Hides from launcher
      Auto starts on boot
    Server Commands
      Take photos
      Record audio video
      Read SMS call logs
      Get GPS location
    Data Access
      Clipboard contents
      SIM network info
      File transfer
      Shell commands
    Setup
      Python 3 required
      Java required
      Custom APK build
      ngrok for internet
    Learning Topics
      Mobile malware comms
      Android permissions
      Defender detection

Things people build with this

USE CASE 1

Learn how Android malware communicates with a remote command-and-control server

USE CASE 2

Study which data Android apps can access when granted certain permissions

USE CASE 3

Understand how security defenders detect or block suspicious background activity on phones

USE CASE 4

Explore mobile app security in a controlled lab or course environment

Tech stack

Java · Python 3 · Android · APK · ngrok · Command-line

Getting it running

Difficulty · moderate Time to first run · 1h+

Install Python 3 and Java, clone the repo, then run the build command to generate a custom APK with your server IP baked in. Use ngrok to test over the internet instead of a local network.

MIT license, free to use, modify, and share for any purpose including education and research.

In plain English

AndroRAT is a remote administration tool for Android devices, built for educational purposes according to the project disclaimer. It works as a client-server pair: a Java-based Android app installed on a target device connects back to a Python-based server running on the attacker's machine, allowing the person at the server to issue commands and retrieve data from the phone remotely.

Once the app is installed on an Android device, it runs silently in the background, starts automatically when the device boots, and hides its icon from the app drawer. Through a command-line interpreter, the server operator can take photos from either camera, record audio and video, read SMS messages and call logs, retrieve the device's current GPS location, get SIM card details and network information, copy clipboard contents, run shell commands, and transfer files in both directions. The tool supports devices running Android 4.1 through Android 9, with partial support for Android 10.

To use the tool, a person installs Python 3 and Java, clones the repository, and runs a build command that produces a custom APK file. That APK embeds the server's IP address and port number so it knows where to connect when installed. An optional ngrok integration allows connections over the internet rather than only on a local network.

The project states clearly that it is intended for educational and research contexts only, and the author takes no responsibility for any other use. It is licensed under the MIT license. This kind of tool is commonly studied in security courses to understand how mobile malware communicates with control servers, what data Android apps can access when given certain permissions, and how defenders can detect or block such activity.
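For the defender side of the behaviours described above (background start on boot, no app-drawer icon, broad access to camera, microphone, SMS, call logs and location), a manifest triage check is sketched below. It is an added example, not code from the AndroRAT project; the permission mapping, the signal names, the thresholds and the sample manifest are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
# Standard Android permissions matching the capabilities listed above (assumed mapping).
SENSITIVE = {
    "android.permission.CAMERA", "android.permission.RECORD_AUDIO",
    "android.permission.READ_SMS", "android.permission.READ_CALL_LOG",
    "android.permission.ACCESS_FINE_LOCATION",
}
BOOT = "android.intent.action.BOOT_COMPLETED"
LAUNCHER = "android.intent.category.LAUNCHER"

def audit_manifest(xml_text):
    """Return triage signals found in a decoded AndroidManifest.xml."""
    root = ET.fromstring(xml_text)
    perms = {p.get(ANDROID + "name") for p in root.iter("uses-permission")}
    boot = any(a.get(ANDROID + "name") == BOOT
               for r in root.iter("receiver") for a in r.iter("action"))
    launcher = any(c.get(ANDROID + "name") == LAUNCHER
                   for act in root.iter("activity") for c in act.iter("category"))
    sensitive = sorted(perms & SENSITIVE)
    signals = []
    if len(sensitive) >= 3:          # assumed threshold
        signals.append("broad-sensitive-permissions")
    if boot:
        signals.append("starts-on-boot")
    if not launcher:
        signals.append("no-launcher-entry")
    return {"package": root.get("package"), "sensitive": sensitive,
            "signals": signals, "review": len(signals) >= 2}

# Constructed sample manifest (not taken from the AndroRAT repository).
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.sample">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <application>
    <receiver android:name=".BootReceiver">
      <intent-filter><action android:name="android.intent.action.BOOT_COMPLETED"/></intent-filter>
    </receiver>
    <service android:name=".MainService"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    print(audit_manifest(SAMPLE))
```

An app that hides its icon at runtime can still declare a launcher activity, so a missing launcher entry is one signal among several and not a verdict on its own.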

Copy-paste prompts

Prompt 1
Explain how AndroRAT's APK embeds the server IP at build time and why that design choice matters for understanding mobile malware detection.
Prompt 2
Walk me through how an Android app can start automatically on device boot and hide its icon. What permissions and manifest settings make that possible?
Prompt 3
How would a mobile security defender detect that a device has software like AndroRAT installed? What network or behavioral signals would stand out?
Prompt 4
What Android permissions does a tool like AndroRAT need to access GPS, camera, microphone, and SMS, and how can users audit which apps hold those permissions?
Prompt 5
Explain the client-server architecture of a remote administration tool like AndroRAT in plain English, as if teaching it to someone with no coding background.

Verify against the repo before relying on details.