Skip to main content

Android Package Identifier

Project description


Build Status PyPI PyPI - Python Version PyPI - Format PyPI - License

APKiD gives you information about how an APK was made. It identifies many compilers, packers, obfuscators, and other weird stuff. It’s PEiD for Android.

Screen Shot 2019-05-07 at 10 55 00 AM

Screen Shot 2019-05-07 at 10 55 00 AM

For more information on what this tool can be used for, check out:


Installation is unfortunately a bit involved until a pull request is merged in a dependency. Here’s how you do it:

git clone --recursive -b "v3.10.0" /tmp/yara-python
cd /tmp/yara-python/yara
curl | git am
cd ..
python build --enable-dex
python install

Without this patch to Yara, the dexlib1 detection rule will fail as will any rule relying on string sizes.

If this patch wasn’t needed, here’s how you’d install. First, install yara-python with --enable-dex to compile Yara’s DEX module:

# Don't use this method, for now.
#pip install --upgrade wheel
#pip wheel --wheel-dir=/tmp/yara-python --build-option="build" --build-option="--enable-dex" git+
#pip install --no-index --find-links=/tmp/yara-python yara-python

Finally, install APKiD:

pip install apkid


You can also run APKiD with Docker! Of course, this requires that you have git and Docker installed.

Here’s how to use Docker:

git clone
cd APKiD/
docker build . -t rednaga:apkid
docker/ ~/reverse/targets/android/example/example.apk
[+] APKiD 2.1.0 :: from RedNaga ::
[*] example.apk!classes.dex
 |-> compiler : dx


usage: apkid [-h] [-v] [-t TIMEOUT] [-r] [--scan-depth SCAN_DEPTH]
             [--entry-max-scan-size ENTRY_MAX_SCAN_SIZE] [--typing {magic,filename,none}] [-j]
             [-o DIR]
             [FILE [FILE ...]]

APKiD - Android Application Identifier v2.1.0

positional arguments:
  FILE                                       apk, dex, or directory

optional arguments:
  -h, --help                                 show this help message and exit
  -v, --verbose                              log debug messages

  -t TIMEOUT, --timeout TIMEOUT              Yara scan timeout (in seconds)
  -r, --recursive                            recurse into subdirectories
  --scan-depth SCAN_DEPTH                    how deep to go when scanning nested zips
  --entry-max-scan-size ENTRY_MAX_SCAN_SIZE  max zip entry size to scan in bytes, 0 = no limit
  --typing {magic,filename,none}             method to decide which files to scan

  -j, --json                                 output scan results in JSON format
  -o DIR, --output-dir DIR                   write individual results here (implies --json)

Submitting New Packers / Compilers / Obfuscators

If you come across an APK or DEX which APKiD does not recognize, please open a GitHub issue and tell us:

  • what you think it is – obfuscated, packed, etc.

  • the file hash (either MD5, SHA1, SHA256)

We are open to any type of concept you might have for “something interesting” to detect, so do not limit yourself solely to packers, compilers or obfuscators. If there is an interesting anti-disassembler, anti-vm, anti-* trick, please make an issue.

Pull requests are welcome. If you’re submitting a new rule, be sure to include a file hash of the APK / DEX so we can check the rule.


This tool is available under a dual license: a commercial one suitable for closed source projects and a GPL license that can be used in open source software.

Depending on your needs, you must choose one of them and follow its policies. A detail of the policies and agreements for each license type are available in the LICENSE.COMMERCIAL and LICENSE.GPL files.


If you want to install the latest version in order to make changes, develop your own rules, and so on, simply clone this repository, compile the rules, and install the package in editable mode:

git clone
cd APKiD
pip install -e .[dev,test]

If the above doesn’t work, due to permission errors dependent on your local machine and where Python has been installed, try specifying the --user flag. This is likely needed if you’re not using a virtual environment:

pip install -e .[dev,test] --user

If you update any of the rules, be sure to run to recompile them.

For Maintainers

This section is for package maintainers.

To update the PyPI package:

./ readme
rm -f dist/*
python sdist bdist_wheel
twine upload --repository-url dist/*

Update the generated README.rst until Pandoc learns how to translate Markdown with images that are links into reStructuredText:

.. image::

.. image::

.. image::

.. image::

.. image::

For more information see Packaging Projects.

Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

ak-apkid-2.1.0.post1.tar.gz (104.7 kB view hashes)

Uploaded source

Built Distribution

ak_apkid-2.1.0.post1-py2.py3-none-any.whl (105.6 kB view hashes)

Uploaded py2 py3

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page