explaingit

skylot/jadx

Analysis updated 2026-06-20

48,360JavaAudience · developerComplexity · 3/5Setup · easy

TLDR

A tool that converts compiled Android APK files back into readable Java or Kotlin source code, letting you examine how any Android app works without needing its original source.

Mindmap

mindmap
  root((JADX))
    What it does
      Decompile Android APKs
      Read DEX bytecode
      Decode XML resources
    Key features
      GUI and CLI modes
      Built-in deobfuscator
      Full-text search
      Smali debugger
    Use Cases
      Security auditing
      Malware analysis
      Source code recovery
      CTF challenges
    Audience
      Security researchers
      Android developers
    Limitations
      Complex code may error
      Output is approximate
Click or tap to explore — scroll the page freely

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Audit an Android APK for security vulnerabilities by reading its decompiled Java source code and checking for hardcoded secrets.

USE CASE 2

Analyze a suspicious app to determine whether it contains malware or unexpected data collection behavior.

USE CASE 3

Recover source code from your own compiled APK when the original source files have been lost.

USE CASE 4

Study how a competitor's Android app implements a specific feature by decompiling and reading its logic.

What is it built with?

JavaGradle

How does it compare?

skylot/jadxreactivex/rxjavadbeaver/dbeaver
Stars48,36048,25949,904
LanguageJavaJavaJava
Setup difficultyeasymoderateeasy
Complexity3/53/52/5
Audiencedeveloperdeveloperdata

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · easy Time to first run · 5min

Requires Java 11 or later to be installed, download the release ZIP and run the included script or GUI launcher.

In plain English

JADX is a decompiler for Android applications. When you download an Android app (an APK file), the code inside it is stored in a compiled format called Dalvik bytecode (DEX files), a low-level representation that Android devices can run directly but humans cannot easily read. JADX converts this compiled bytecode back into readable Java or Kotlin source code, letting you examine how an app works. The tool works through a process called decompilation: it reads the DEX bytecode, reconstructs the original program flow, and produces Java source code that approximates what the original developer would have written. It also decodes Android resource files like the AndroidManifest.xml (which describes the app's permissions and components) and binary resource archives. For obfuscated apps, where developers have intentionally renamed all variables and classes to meaningless letters to make reverse engineering harder, JADX includes a built-in deobfuscator that attempts to restore meaningful names, and it supports external renaming maps in several formats. The project comes in two forms: a command-line tool for scripted or batch analysis, and a GUI (graphical desktop application) with syntax highlighting, click-to-navigate class references, full-text search across all decompiled code, and a Smali debugger (Smali is the assembly-like language that directly represents Dalvik bytecode). You would use JADX if you are a security researcher auditing Android apps for vulnerabilities, a developer trying to understand how a competitor's app works, a malware analyst investigating a suspicious APK, or a developer who has lost their own source code. The README notes that JADX cannot decompile 100% of all code, complex constructs may produce errors or incomplete output. The tech stack is Java (requires Java 11 or later), built with Gradle, and available on Windows, macOS, and Linux.

Copy-paste prompts

Prompt 1
I want to decompile an Android APK using JADX to inspect its source code. Walk me through opening the APK in the JADX GUI and navigating to find the code that handles network requests.
Prompt 2
Using the JADX command-line tool, write the exact command to decompile an APK called 'myapp.apk' and export all Java source files to a folder called 'output'.
Prompt 3
I'm analyzing an obfuscated Android app with JADX where all class names are single letters. How do I use JADX's built-in deobfuscator to restore meaningful names?
Prompt 4
Help me write a shell script using JADX CLI to batch-decompile all APKs in a folder and grep the output for hardcoded API keys or passwords.

Frequently asked questions

What is jadx?

A tool that converts compiled Android APK files back into readable Java or Kotlin source code, letting you examine how any Android app works without needing its original source.

What language is jadx written in?

Mainly Java. The stack also includes Java, Gradle.

How hard is jadx to set up?

Setup difficulty is rated easy, with roughly 5min to a first successful run.

Who is jadx for?

Mainly developer.

Open on GitHub → Explain another repo

This repo across BitVibe Labs

Scan in gitsafehub Deploy in gitdeployhub skylot on gitmyhub

Verify against the repo before relying on details.