Static SDK detection for Android APK files — 5-layer analysis engine
Project description
APK SDK Analyzer
Static third-party SDK detection tool for Android APK files.
Features
- Zero-dependency on decompilers — pure Python static analysis
- 5-layer detection engine: DEX class names · AndroidManifest components · Native .so libs · META-INF version files · DEX BuildConfig static fields
- Structured output: JSON + interactive single-file HTML report
- Extensible signature database: YAML files in sdk_signatures/ — update without recompiling
- Cross-platform: Windows / macOS / Linux
Installation
Using pip:
pip install apk-analyzer
Using uv (recommended):
# As a project dependency
uv add apk-analyzer
# As a standalone CLI tool
uv tool install apk-analyzer
Usage
# Basic analysis — generates <apk>_report.json and <apk>_report.html
apk-analyzer target.apk
# Analyze specific categories only
apk-analyzer target.apk --categories push,ads,analytics
# Custom output paths
apk-analyzer target.apk --output-json report.json --output-html report.html
# JSON output only
apk-analyzer target.apk --format json
# Verbose mode
apk-analyzer target.apk --verbose
# Use a custom signatures directory
apk-analyzer target.apk --signatures-dir ./my_signatures
Output
Two files are generated next to the APK by default:
| File | Description |
|---|---|
| <apk>_report.json | Structured data — suitable for scripting and CI integration |
| <apk>_report.html | Interactive single-file report — open in any browser |
Detection Methods
| Layer | Method | Coverage |
|---|---|---|
| L1 | DEX class name prefix matching | ~90% of SDKs |
| L2 | AndroidManifest service/receiver/activity | Confirms presence |
| L3 | Native .so library names | Native SDKs |
| L4 | META-INF .version files | AndroidX / Google libs |
| L5 | DEX BuildConfig.VERSION_NAME static fields | Exact versions |
Output JSON Structure
    {
      "meta": { "tool_version": "1.5.0", "analysis_time": "...", "analysis_duration_seconds": 0.33 },
      "apk_info": { "package_name": "com.example.app", "version_name": "1.2.3", "min_sdk": 21, ... },
      "detected_sdks": [
        {
          "id": "xiaomi_mipush",
          "name": "小米推送 MiPush",
          "version": "5.9.6",
          "confidence": "high",
          "detection_evidence": { "matched_packages": ["com.xiaomi.push"], ... },
          "risk": { "privacy_risk": "low" }
        }
      ],
      "summary": { "total_detected": 12, "by_category": { "push": 3, "ads": 2 } }
    }
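One way to use the JSON report in CI, as an added example that is not part of the apk-analyzer project: compare the report of the previous release with the current one to surface SDK drift, and block on privacy risk above policy. The function names, the `max_risk` policy and the `example_ads` / `example_analytics` entries are constructed for illustration; only fields shown in the structure above are read.

```python
import json

RISK_ORDER = {"low": 0, "medium": 1, "high": 2}

# Constructed reports using only fields shown in the structure above.
BASELINE = json.loads("""{"detected_sdks": [
  {"id": "xiaomi_mipush", "version": "5.9.6", "confidence": "high",
   "risk": {"privacy_risk": "low"}}]}""")
CURRENT = json.loads("""{"detected_sdks": [
  {"id": "xiaomi_mipush", "version": "6.0.1", "confidence": "high",
   "risk": {"privacy_risk": "low"}},
  {"id": "example_ads", "version": "2.3.0", "confidence": "high",
   "risk": {"privacy_risk": "high"}},
  {"id": "example_analytics", "version": "1.0.0", "confidence": "high",
   "risk": {}}]}""")

def review(baseline, current, max_risk="medium"):
    """Return findings for SDK drift between two reports and for risk over policy."""
    old = {s["id"]: s for s in baseline.get("detected_sdks", [])}
    findings = []
    for sdk in current.get("detected_sdks", []):
        sdk_id, version = sdk["id"], sdk.get("version")
        if sdk_id not in old:
            findings.append(f"NEW {sdk_id} {version}")
        elif old[sdk_id].get("version") != version:
            findings.append(f"CHANGED {sdk_id} {old[sdk_id].get('version')} -> {version}")
        risk = sdk.get("risk", {}).get("privacy_risk")
        if risk not in RISK_ORDER:
            # Fail closed: an SDK without a known rating is not treated as low risk.
            findings.append(f"BLOCK {sdk_id} privacy_risk missing or unknown")
        elif RISK_ORDER[risk] > RISK_ORDER[max_risk]:
            findings.append(f"BLOCK {sdk_id} privacy_risk={risk}")
    new_ids = {s["id"] for s in current.get("detected_sdks", [])}
    findings += [f"REMOVED {i}" for i in sorted(set(old) - new_ids)]
    return findings

def should_fail(findings):
    """CI fails on any BLOCK finding; NEW/CHANGED/REMOVED are for human review."""
    return any(f.startswith("BLOCK ") for f in findings)
```

In a pipeline, load the two `<apk>_report.json` files with `json.load` and exit non-zero when `should_fail` returns true.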
SDK Signature Format
Add signatures by dropping a YAML file into sdk_signatures/<category>/. No code changes required.
    id: xiaomi_mipush
    name: 小米推送 MiPush
    category: push
    vendor: Xiaomi
    description: "小米厂商推送通道"
    detection:
      package_prefixes:
        - "com.xiaomi.push"
      native_libs:
        - "libmipush.so"
      manifest_services:
        - "com.xiaomi.push.service.XMPushService"
    version_extraction:
      buildconfig:
        class_pattern: "com.xiaomi.push.BuildConfig"
        field: "VERSION_NAME"
    risk:
      privacy_risk: low   # low / medium / high
      notes: "..."
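A sketch of how the `package_prefixes` and `native_libs` fields can drive the L1 and L3 layers without a decompiler. This is an added example, not the project's own code: the function names and the `matched_libs` key are hypothetical, and the signature dict is constructed from the YAML above. Class names are read from the DEX `type_ids` table, and prefixes are matched on a package boundary so that `com.xiaomi.pushy` does not count as `com.xiaomi.push`.

```python
import io
import struct
import zipfile

# Constructed signature with the same detection keys as the YAML above.
SIGNATURES = [{"id": "xiaomi_mipush", "package_prefixes": ["com.xiaomi.push"],
               "native_libs": ["libmipush.so"]}]

def _skip_uleb128(buf, pos):
    """Return the position just past an unsigned LEB128 value."""
    while buf[pos] & 0x80:
        pos += 1
    return pos + 1

def dex_class_names(dex):
    """Return dotted class names listed in a DEX file's type_ids table."""
    if len(dex) < 0x70 or dex[:4] != b"dex\n":
        return set()
    str_count, str_off = struct.unpack_from("<II", dex, 0x38)    # string_ids
    type_count, type_off = struct.unpack_from("<II", dex, 0x40)  # type_ids
    names = set()
    for i in range(type_count):
        (str_idx,) = struct.unpack_from("<I", dex, type_off + 4 * i)
        if str_idx >= str_count:
            continue  # malformed index: skip instead of reading outside the table
        (data_off,) = struct.unpack_from("<I", dex, str_off + 4 * str_idx)
        start = _skip_uleb128(dex, data_off)  # skip the UTF-16 length prefix
        desc = dex[start:dex.index(b"\x00", start)].decode("utf-8", "replace")
        if desc.startswith("L") and desc.endswith(";"):  # class types only
            names.add(desc[1:-1].replace("/", "."))
    return names

def detect(apk_bytes, signatures=SIGNATURES):
    """Return {sdk_id: evidence} for L1 and L3; 'matched_libs' is a hypothetical key."""
    classes, libs = set(), set()
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for name in apk.namelist():
            if name.startswith("classes") and name.endswith(".dex"):
                classes |= dex_class_names(apk.read(name))
            elif name.startswith("lib/") and name.endswith(".so"):
                libs.add(name.rsplit("/", 1)[-1])
    hits = {}
    for sig in signatures:
        pkgs = sorted(p for p in sig["package_prefixes"]
                      if any(c == p or c.startswith(p + ".") for c in classes))
        so = sorted(set(sig["native_libs"]) & libs)
        if pkgs or so:
            hits[sig["id"]] = {"matched_packages": pkgs, "matched_libs": so}
    return hits
```

A DEX with truncated tables makes `struct.unpack_from` or `index` raise, so a scanner that handles untrusted APKs should catch errors per file and record the file as unparsed.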
Build from Source
git clone https://github.com/1PersonLtd/apk-analyzer.git
cd apk-analyzer
uv sync
uv run apk-analyzer target.apk
Release Pipeline
PR merge (feature-* or fix-*)
↓ auto-tag.yml
Creates v1.y.z tag
↓ publish.yml
Publishes to PyPI → pip install apk-analyzer
License
MIT
File details
Details for the file apk_analyzer-1.9.0.tar.gz.
File metadata
- Download URL: apk_analyzer-1.9.0.tar.gz
- Upload date:
- Size: 25.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.10.9
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | e278b906921920e2dba676cc67d4fea1ffad4402c34385674fba81943309da1e |
| MD5 | 055b18ceb9c516003e1654f6c45fe58b |
| BLAKE2b-256 | 61598792acfebba1639c139f4626979e2c02ab6ad5ca6e9aba133c412c000e1c |
File details
Details for the file apk_analyzer-1.9.0-py3-none-any.whl.
File metadata
- Download URL: apk_analyzer-1.9.0-py3-none-any.whl
- Upload date:
- Size: 39.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.10.9
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | eb8321770ee83bb500205c088a73e50355fbbc5377335ed56f55112f65603adf |
| MD5 | b35a7a3b5cbf62e5d5353d106c5f019d |
| BLAKE2b-256 | 7ca53760bbceedd2cc9371c6b3f8c986bf6bd7357de58d83cccdd978333b503e |