skylot/jadx

JADX is a decompiler for Android applications. When you download an Android app (an APK file), the code inside it is stored in a compiled format called Dalvik bytecode (DEX files), a low-level representation that Android devices can run directly but humans cannot easily read. JADX converts this compiled bytecode back into readable Java or Kotlin source code, letting you examine how an app works. The tool works through a process called decompilation: it reads the DEX bytecode, reconstructs the original program flow, and produces Java source code that approximates what the original developer would have written. It also decodes Android resource files like the AndroidManifest.xml (which describes the app's permissions and components) and binary resource archives. For obfuscated apps, where developers have intentionally renamed all variables and classes to meaningless letters to make reverse engineering harder, JADX includes a built-in deobfuscator that attempts to restore meaningful names, and it supports external renaming maps in several formats. The project comes in two forms: a command-line tool for scripted or batch analysis, and a GUI (graphical desktop application) with syntax highlighting, click-to-navigate class references, full-text search across all decompiled code, and a Smali debugger (Smali is the assembly-like language that directly represents Dalvik bytecode). You would use JADX if you are a security researcher auditing Android apps for vulnerabilities, a developer trying to understand how a competitor's app works, a malware analyst investigating a suspicious APK, or a developer who has lost their own source code. The README notes that JADX cannot decompile 100% of all code, complex constructs may produce errors or incomplete output. The tech stack is Java (requires Java 11 or later), built with Gradle, and available on Windows, macOS, and Linux.