Turn an Android APK into a structured report
Upload an APK and AppMD parses the manifest, resources, and bytecode, detects frameworks and dependencies, and runs static analysis. An optional AI layer explains the findings in plain language.
Static + AI hybrid analysis · Built for developers and security researchers
Drop your .apk
or paste a Play Store link · max 512 MB
Detects every major Android stack
What AppMD extracts from an APK
One upload runs a full pipeline of specialized analyzers. Each panel is grounded in the actual binary, no guesses, no hallucinated source.
Understand any APK
An AI summary that reads the binary end to end, entry points, modules, and how the pieces fit.
Extract design systems
Recover the color palette, typography, spacing, and components as usable tokens.
Generate implementation prompts
Turn any screen or flow into a precise prompt for your coding agent.
Chat with your app
Ask questions in plain language and get answers grounded in the analysis.
Architecture analysis
See layers, dependencies, and data flow at a glance.
Security overview
Surface manifest risks, exported surfaces, and weak configs.
Detect frameworks & libraries
Fingerprint Compose, Flutter, React Native, and common SDKs by signature.
Asset explorer
Browse every icon, image, font, and raw resource, searchable and exportable.
How AppMD analyzes an APK
The same deterministic pipeline runs on every upload. Static analysis does the work; the AI layer is optional and only explains what was found.
Upload APK
01Drop an APK you own or are authorized to inspect. Files are processed in an isolated sandbox.
app-release.apkExtract metadata and resources
02Parse the manifest, unpack resources.arsc, and read the DEX bytecode.
manifest · resources · dexRun static analysis
03Detect frameworks and dependencies, map screens, and check the manifest for common risks.
frameworks · dependencies · findingsGenerate structured report
04Assemble the results into a structured, searchable report grounded in the artifact.
structured · searchableOptional AI explanation
05An optional layer summarizes the findings in plain language. You can turn it off.
optional
A report you can actually work in
Not a static PDF. Every analysis opens as an interactive workspace, navigate it, search it, and hand pieces straight to your build.
AI summary
Northwind Pay is a Jetpack Compose fintech client structured by feature module. It uses Hilt for dependency injection, a Ktor networking layer with certificate pinning, and Room for offline ledgers. Authentication combines password login with a TOTP second factor gated by biometrics. The onboarding spans six screens; the main experience is a bottom-nav shell with four destinations.
Not another decompiler
Traditional APK analyzers hand you a pile of artifacts and leave the understanding to you. AppMD does the understanding, and shows its work.
Reasoning, not just extraction
Legacy tools dump strings and smali. AppMD reasons over those facts to explain what the app does and why.
Minutes, not weeks
What used to take a senior engineer days of manual decompiling now returns as a structured report in about 90 seconds.
Authorized & private by design
Analysis runs in isolated sandboxes on apps you own. We never expose or reconstruct proprietary source.
Built for your workflow
Export prompts, wire it into CI, or query the API. AppMD fits where your team already works.
Honest about what it can and can't do
AppMD runs real static analysis, so the output depends on the input. Here is what that means in practice.
Limitations
- Analysis quality depends on how the APK was built and structured.
- Obfuscated or heavily minified apps may produce partial results.
- Large apps take longer to process and may be queued at peak times.
- Some deeper inspections are only available on paid plans.
Requirements
- Works best with debug or unobfuscated release builds.
- Requires an internet connection; analysis runs server-side.
- Reports combine static analysis with an optional AI layer.
- Only analyze apps you own or are authorized to inspect.
Fits your pipeline, not the other way around
AppMD is API-first. Everything you see in the workspace is available programmatically, so you can automate analysis wherever your team already works.
CLI
Analyze a build from your terminal and pipe the JSON anywhere.
CI pipelines
Gate releases on security grade or diff a build against the last.
REST + SDKs
Fetch summaries, screens, and findings programmatically.
Webhooks
Get notified the moment an analysis completes.
Simple pricing that scales with you
Start free. Upgrade when AppMD becomes part of how your team ships.
Free
For trying it on a single app.
free forever
Start free- 1 APK analysis / month
- AI summary & screen detection
- Color palette & typography
- Community support
Pro
PopularFor individual engineers and designers.
billed annually
Start Pro trial- 50 analyses / month
- Full design-system extraction
- Architecture & security insights
- Implementation prompts
- Chat with your app
- Email support
Team
For engineering teams shipping together.
billed annually
Start Team trial- Unlimited analyses
- Shared workspaces & history
- CI integration & webhooks
- REST API & SDKs
- SSO & role-based access
- Priority support
Enterprise
For security and platform organizations.
- Self-hosted or VPC deployment
- SAML SSO & audit logs
- Custom analyzers & retention
- SLA & dedicated support
- Security review & DPA
Answers before you ask
Still curious? Reach the team at hello@appmd.dev.
Be first to understand any Android app
AppMD is launching soon. Join the waitlist and we’ll email you the moment it’s ready.