
Reverse Engineering Android Malware with JADX

When to Use

  • A suspicious Android APK has been reported as malicious or flagged by mobile threat detection
  • Analyzing Android banking trojans, spyware, SMS stealers, or adware samples
  • Determining what data an app collects, where it sends it, and what permissions it abuses
  • Extracting C2 server addresses, encryption keys, and configuration data from Android malware
  • Understanding overlay attack mechanisms used by banking trojans

Do not use for analyzing obfuscated native (.so) libraries within APKs; use Ghidra or IDA for native ARM binary analysis.

Prerequisites

  • JADX 1.5+ installed (download from https://github.com/skylot/jadx/releases)
  • Android SDK with aapt2 and adb tools for APK inspection
  • apktool for full APK disassembly including smali code and resources
  • Python 3.8+ with the androguard library for automated APK analysis
  • Frida for dynamic instrumentation (optional, for runtime analysis)

First Seen: Mar 10, 2026