Analyzing an APK
A look under the hood at the pipeline that turns a binary into understanding.
The pipeline
Every analysis runs the same deterministic stages, so results are consistent and repeatable:
- Unpack: the APK (or AAB) is expanded: DEX bytecode,
resources.arsc, the manifest, native libs, and assets. - Fingerprint: frameworks and SDKs are identified by signature across 400+ known libraries.
- Extract: screens, resources, colors, typography, and the manifest surface are pulled out as structured data.
- Reason: models explain architecture, flows, and intent, grounded in the extracted facts.
- Assemble: everything is composed into the interactive report and made queryable via chat.
Supported inputs
- Standard
.apkfiles. - Android App Bundles and split APKs.
- Kotlin/Java, Jetpack Compose, and classic Views.
- Flutter, React Native, and Unity (detected and summarized).
Grounding & accuracy
Claims in the report link back to the evidence they came from, a manifest entry, a detected library, a resource. When the analyzer can’t confirm something, it says so rather than guessing.
Privacy
Uploads are isolated per analysis and encrypted at rest. Proprietary binaries are never used to train public models. Manage retention and deletion from your workspace settings.