Analysis updated 2026-06-20
Audit an Android APK for security vulnerabilities by reading its decompiled Java source code and checking for hardcoded secrets.
Analyze a suspicious app to determine whether it contains malware or unexpected data collection behavior.
Recover source code from your own compiled APK when the original source files have been lost.
Study how a competitor's Android app implements a specific feature by decompiling and reading its logic.
| | skylot/jadx | reactivex/rxjava | dbeaver/dbeaver |
|---|---|---|---|
| Stars | 48,360 | 48,259 | 49,904 |
| Language | Java | Java | Java |
| Setup difficulty | easy | moderate | easy |
| Complexity | 3/5 | 3/5 | 2/5 |
| Audience | developer | developer | data |
Figures from each repo's GitHub metadata at analysis time.
Requires Java 11 or later to be installed. Download the release ZIP and run the included script or GUI launcher.
JADX is a decompiler for Android applications. When you download an Android app (an APK file), the code inside it is stored in a compiled format called Dalvik bytecode (DEX files), a low-level representation that Android devices can run directly but humans cannot easily read. JADX converts this compiled bytecode back into readable Java or Kotlin source code, letting you examine how an app works.

The tool works through a process called decompilation: it reads the DEX bytecode, reconstructs the original program flow, and produces Java source code that approximates what the original developer would have written. It also decodes Android resource files like the AndroidManifest.xml (which describes the app's permissions and components) and binary resource archives. For obfuscated apps, where developers have intentionally renamed all variables and classes to meaningless letters to make reverse engineering harder, JADX includes a built-in deobfuscator that attempts to restore meaningful names, and it supports external renaming maps in several formats.

The project comes in two forms: a command-line tool for scripted or batch analysis, and a GUI (graphical desktop application) with syntax highlighting, click-to-navigate class references, full-text search across all decompiled code, and a Smali debugger (Smali is the assembly-like language that directly represents Dalvik bytecode).

You would use JADX if you are a security researcher auditing Android apps for vulnerabilities, a developer trying to understand how a competitor's app works, a malware analyst investigating a suspicious APK, or a developer who has lost their own source code. The README notes that JADX cannot decompile 100% of all code: complex constructs may produce errors or incomplete output.

The tech stack is Java (requires Java 11 or later), built with Gradle, and available on Windows, macOS, and Linux.
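For the hardcoded-secrets audit listed among the use cases, the following is an added example (not part of this page or of the JADX project) that scans a directory of decompiled `.java` files and separately reports files that were only partially decompiled, since a clean scan of those files is not evidence of a clean app. The pattern set, the sample tree, and the assumption that incomplete output carries a comment containing `JADX WARN` are choices made for this illustration.

```python
import re
import tempfile
from pathlib import Path

# Publicly documented credential formats plus a name-based heuristic (illustrative set).
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "google_api_key": re.compile(r"\bAIza[0-9A-Za-z_\-]{35}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC )?PRIVATE KEY-----"),
    "named_secret": re.compile(  # string constant assigned to a credential-like name
        r'(?i)\b\w*(?:secret|passw(?:or)?d|api_?key|token)\w*\s*=\s*"[^"]{8,}"'),
}
# Assumption: code the decompiler could not fully reconstruct carries this comment text.
DECOMPILE_WARNING = "JADX WARN"


def scan_decompiled_tree(root):
    """Return (findings, incomplete_files) for every .java file under root."""
    findings, incomplete = [], []
    for path in sorted(Path(root).rglob("*.java")):
        text = path.read_text(encoding="utf-8", errors="replace")
        rel = path.relative_to(root).as_posix()
        if DECOMPILE_WARNING in text:
            incomplete.append(rel)  # no finding here does not mean no secret
        for lineno, line in enumerate(text.splitlines(), 1):
            for name, pattern in SECRET_PATTERNS.items():
                if pattern.search(line):
                    findings.append((rel, lineno, name))
    return findings, incomplete


def demo():
    """Scan a small constructed tree standing in for decompiler output."""
    with tempfile.TemporaryDirectory() as tmp:
        pkg = Path(tmp) / "sources" / "com" / "example"
        pkg.mkdir(parents=True)
        (pkg / "Config.java").write_text(
            "public class Config {\n"
            '    static final String API_KEY = "AIza' + "A" * 35 + '";\n'
            '    static final String dbPassword = "hunter2-hunter2";\n'
            '    static final String title = "Settings";\n'
            "}\n"
        )
        (pkg / "a.java").write_text(
            "/* JADX WARNING: Removed duplicated region for block: B:12:0x0030 */\n"
            "public class a {}\n"
        )
        return scan_decompiled_tree(tmp)
```

Files returned in the second list should be reviewed by hand (for example in the GUI's Smali view) before the audit is considered complete.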
A tool that converts compiled Android APK files back into readable Java or Kotlin source code, letting you examine how any Android app works without needing its original source.
Mainly Java. The stack also includes Gradle.
Setup difficulty is rated easy, with roughly 5 minutes to a first successful run.
Mainly developer.
Verify against the repo before relying on details.