A comprehensive reference for mobile developers working with APK and IPA files - building, patching, extracting, and analyzing binaries.
Decompilation & Reverse Engineering
| Tool | Description | Link |
|---|
| Apktool | Industry standard for decoding/rebuilding APKs, smali editing | apktool.org |
| JADX | Dex to Java decompiler with GUI, produces readable source | GitHub |
| dex2jar | Convert .dex to .class files | GitHub |
| GDA | Fast C++ decompiler for APK/DEX/ODEX | GitHub |
| Bytecode Viewer | GUI decompiler, editor, and APK editor | GitHub |
| Androguard | Python tool for analyzing Android apps | GitHub |
| Simplify | Android virtual machine and deobfuscator | GitHub |
GUI Editors
| Tool | Description | Link |
|---|
| APK Editor Studio | Cross-platform APK editor for resources, images, icons | Website |
| APKLeaks | Scan APKs for URIs, endpoints, secrets | GitHub |
| MT Manager | Android APK editor (Android app) | Play Store |
Signing & Packaging
| Tool | Description | Link |
|---|
| Uber Apk Signer | Sign, zipalign, verify APKs (v1/v2/v3 schemes) | GitHub |
| apksigner | Official Android SDK signing tool | Android Docs |
| zipalign | Optimize APK alignment | Android SDK |
Dynamic Analysis & Hooking
| Tool | Description | Link |
|---|
| Frida | Runtime instrumentation and hooking | frida.re |
| Drozer | Android security testing framework | GitHub |
| Objection | Runtime mobile exploration (Frida-based) | GitHub |
| Xposed Framework | Module-based hooking framework | XDA |
| LSPosed | Modern Xposed implementation for Android 8.1+ | GitHub |
APK Download Sources
Disassemblers & Decompilers
| Tool | Description | Link |
|---|
| IDA Pro | Industry-standard disassembler (commercial) | hex-rays.com |
| Ghidra | NSA’s free reverse engineering suite | ghidra-sre.org |
| Hopper | macOS-native disassembler with Obj-C demangling | hopperapp.com |
| Radare2 | Free, open-source RE framework | rada.re |
| Cutter | GUI for Radare2 | GitHub |
| Tool | Description | Link |
|---|
| MachOView | GUI for Mach-O file structure | SourceForge |
| class-dump | Extract Objective-C class info from binaries | GitHub |
| otool | Apple’s command-line binary analysis | macOS Built-in |
| nm | Display symbol table | macOS Built-in |
| strings | Extract printable strings from binary | macOS Built-in |
| Frida iOS Dump | Dump decrypted IPAs from device memory | GitHub |
| Tool | Description | Link |
|---|
| dumpdecrypted | Decrypt iOS app binaries | GitHub |
| Clutch | Crack encrypted iOS apps | GitHub |
| bfdecrypt | Decrypt iOS apps on jailbroken devices | GitHub |
| flexdecrypt | Modern iOS app decryptor | GitHub |
Signing & Sideloading
| Tool | Description | Link |
|---|
| ldid | Link identity editor for pseudo-signing | GitHub |
| codesign | Apple’s official signing tool | macOS Built-in |
| AltStore | Sideload apps without jailbreak | altstore.io |
| Sideloadly | IPA sideloading tool | sideloadly.io |
| ios-deploy | Deploy apps to iOS devices | GitHub |
| ideviceinstaller | Install IPAs via USB | GitHub |
| libimobiledevice | Cross-platform iOS device communication | GitHub |
Dynamic Analysis
| Tool | Description | Link |
|---|
| Frida | Runtime instrumentation toolkit | frida.re |
| Cycript | Explore and modify running apps | cycript.org |
| FLEX | In-app debugging and exploration | GitHub |
| Theos | Cross-platform build system for iOS tweaks | theos.dev |
| Tool | Supported Devices | iOS Versions |
|---|
| checkra1n | iPhone 5s - iPhone X | iOS 12.0+ |
| unc0ver | iPhone SE - iPhone 12 | iOS 11.0-14.3 |
| Dopamine | arm64e devices | iOS 15.0-16.5.1 |
| palera1n | A8-A11 devices | iOS 15.0+ |
| Tool | Description | Link |
|---|
| MobSF | All-in-one automated pen-testing for Android/iOS | GitHub |
| QARK | LinkedIn’s static analysis for Android | GitHub |
| Mobile Audit | Web app for Android APK static analysis | GitHub |
| Corellium | Virtual iOS/Android devices for testing | corellium.com |
Quick Reference Commands
APK Operations
# Decode APK
apktool d app.apk -o output_dir
# Rebuild APK
apktool b output_dir -o new_app.apk
# Sign APK
java -jar uber-apk-signer.jar -a new_app.apk
# Decompile to Java
jadx -d output_dir app.apk
# Extract strings
strings app.apk | grep -i "api\|key\|secret"
IPA Operations
# Extract IPA contents
unzip app.ipa -d output_dir
# View Mach-O info
otool -L Payload/App.app/App
# Extract class info
class-dump Payload/App.app/App > classes.h
# Resign IPA
codesign -f -s "iPhone Developer" Payload/App.app
# Install via ios-deploy
ios-deploy --bundle Payload/App.app
# Dump decrypted IPA (jailbroken device)
frida-ios-dump -u -o decrypted.ipa com.app.bundle
Frida Commands
# List running processes (Android)
frida-ps -U
# Attach to app
frida -U -n "App Name"
# Run script
frida -U -l script.js -f com.app.package
# iOS dump
frida-ios-dump com.app.bundle
Resources
Documentation & Guides
Learning Resources
Last Updated: December 2025
